Ok, I've read all the man pages and other discussions on this, so please don't just quote those back to me. I know this is an aggregation of the various drop types and that there is no "set" value that you should set your thresholds at. What I want to know is whether there is a way to tell what is triggering this message, ie: exactly what broke the threshold, something like source-IP or what ACL line is causing it?
If not, if this is simply a message that is going to be generated but you can't pull some specific information as to what generated the message, and thus tell whether its something you should take action on or ignore, is there a way to disable it all-together? I already have the "Enable scanning threat detection" box un-checked, so that's not it!
Hey Cisco, if you're going to generate these messages, I'm sure there are >tons< of us who would like to know exactly what they mean, how to interpret them and what to do about them in more detail. Your documentation is severely lacking!!
ASA-4-733100> [10.60.88.2] drop rate-2 exceeded. Current burst rate is 0 per second, max configured rate is 8; Current average rate is 5 per second, max configured rate is 4; Cumulative total count is 38086
Issue "show run all threat-detection". The number of triggers of different thresholds can be checked in "show threat-detection rate".
Syslog 733100 is related to scanning-rate, adjusting this parameter should be able to resolve too many messages showing up in the syslogs.
In this case, tuning the command "threat-detection rate scanning-rate 3600 average-rate 15" stopped too many of these messages being logged. In other cases one may have to increase the scanning-rate and average-rate to a higher value.
I can understood that this message is not a serious attack but it has to do with the current situation of the firewall. I mean, that my firewall is doing so many scannings and it raises a message about this.
I have increase the average rate and the burst rate and i will see tomorrow what is happens.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...