
New Member

Basic IPS Features included in ASA without AIP-SSM

Are there any Basic IPS Features (functionality) included in ASA without AIP-SSM?

3 REPLIES
New Member

Re: Basic IPS Features included in ASA without AIP-SSM

Hello,

Yes!

First, the IP audit feature. This one contains approximately 50 basic signatures on IP, ICMP, TCP flags, DNS, UNIX RPCs and fragmentation.

These sigs are classified into 2 families: Informational and Attacks.

You can define a policy on Informational sigs and another policy on Attacks sigs for each interface (policy-to-interface mappings).

The policy configuration considers 2 things:

- Should an alarm be generated?

- Whether the triggering packets are dropped, reset or passed

Second, ASA now has a feature called "Threat Detection".

This feature detects DoS and scanning attacks (nmap scans, for example) and gives you statistics about threats.

Scanning source IPs can be shunned.

Hope it will help you!

Francois

New Member

Re: Basic IPS Features included in ASA without AIP-SSM

I can't get the policy-to-interface mappings to take. The pull-down box always says none. Any ideas? Also, where is the "Threat Detection" configured?

ASA 7.21

New Member

Re: Basic IPS Features included in ASA without AIP-SSM

The Threat Detection feature comes with version 8.x. You can find it in ASDM under "Configuration" -> "Firewall" -> "Threat Detection"

or on the CLI (example):

threat-detection basic-threat
threat-detection scanning-threat shun except object-group admin
threat-detection statistics

For configuring ip-audit, you first have to create new IP audit policies.
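To make the first and last replies concrete, here is an added example (not posted in the thread) of the IP audit configuration on the ASA 7.x/8.x CLI: one policy per signature family with the alarm/drop/reset actions, then the policy-to-interface mapping. The policy names INFO-POLICY and ATTACK-POLICY and the interface name outside are assumptions; the object-group admin is the one named in the reply above.

```cisco
! Added example, not from the thread. Names are assumptions.
!
! Step 1: define the IP audit policies. Each policy covers one signature
! family (info or attack) and selects the actions: alarm writes a syslog
! message, drop discards the packet, reset additionally tears down the
! TCP connection (no effect on non-TCP traffic).
ip audit name INFO-POLICY info action alarm
ip audit name ATTACK-POLICY attack action alarm drop reset
!
! Step 2: map the policies to an interface. A policy has to exist before
! it can be mapped, which is why the reply above says to create the
! policies first; each interface takes at most one info and one attack policy.
ip audit interface outside INFO-POLICY
ip audit interface outside ATTACK-POLICY
!
! Optional: silence a noisy signature globally by its number. 2004 is
! ICMP echo request in the ASA IP audit signature list (verify against the
! command reference for your version before relying on the number).
ip audit signature 2004 disable
!
! Threat detection (8.x and later), as in the reply above; statistics
! collection is what makes the counters and shun list visible afterwards.
threat-detection basic-threat
threat-detection scanning-threat shun except object-group admin
threat-detection statistics
```

To check that the policies are actually seeing traffic, use `show ip audit count` (per-signature hit counters, globally or per interface); for threat detection, `show threat-detection statistics` shows the collected rates and `show threat-detection shun` lists sources currently blocked by the scanning-threat shun.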
