On my ASA log, I can see this message (add image). I wonder what the source of these packages is. I configured a capture, but I don't know what the command is to see packets that were dropped by threat-detection:
I don't understand what you mean by "It's not a packet sent by any source". I'll try to explain better, although my English is not very good. The ASA works only as the head end of VPN connections, and my doubt is whether these dropped "packets" are legitimate but sent at too high a ratio. And if there are packages that otherwise might be? I'm very confused by this:
The threat detection feature can be described by the following three levels:
Basic threat detection: Monitors the average and burst rate of dropped packets and security events over an interval; generates a logging message when a threshold is

Advanced threat detection: Gathers statistics for both allowed and denied packets for objects such as hosts, protocols, ports, and access lists; generates a logging message when the TCP Intercept rate exceeds a threshold

Scanning threat detection: Maintains a database of suspicious activity for each host; can detect a host that is scanning for vulnerable targets based on the average and burst rates of scanning events; generates logging messages and can automatically shun attacking hosts
You can configure threat detection in phases, adding more progressive levels as needed.
Be aware that advanced and scanning threat detection can tax the ASA resources because
they monitor and gather extensive and granular information.
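
As an added example (not part of the thread and not Cisco's code): basic threat detection reports a crossed threshold as syslog message 733100, and this Python parser shows, per drop category, which limit (burst or average) was exceeded and the peak rates seen. The message layout is assumed to be the standard 733100 format, and the sample log lines are constructed.

```python
import re

# Assumed layout of the ASA basic threat detection rate message (733100).
RATE_MSG = re.compile(
    r"%ASA-4-733100: \[\s*(?P<obj>[^\]]+?)\s*\] drop rate-(?P<rate_id>\d+) exceeded\. "
    r"Current burst rate is (?P<burst>\d+) per second, "
    r"max configured rate is (?P<burst_max>\d+); "
    r"Current average rate is (?P<avg>\d+) per second, "
    r"max configured rate is (?P<avg_max>\d+); "
    r"Cumulative total count is (?P<total>\d+)")

def parse_rate_alert(line):
    """Return the fields of one 733100 alert, or None for any other line."""
    m = RATE_MSG.search(line)
    if m is None:
        return None
    f = {k: (v if k == "obj" else int(v)) for k, v in m.groupdict().items()}
    # Record which configured limit the current rate is strictly above.
    limits = (("burst", f["burst"], f["burst_max"]),
              ("average", f["avg"], f["avg_max"]))
    f["exceeded"] = [name for name, cur, lim in limits if cur > lim]
    return f

def summarize(lines):
    """Group alerts by drop category, keeping the peak rates observed."""
    out = {}
    for line in lines:
        a = parse_rate_alert(line)
        if a is None:
            continue
        s = out.setdefault(a["obj"], {"alerts": 0, "peak_burst": 0,
                                      "peak_avg": 0, "exceeded": set()})
        s["alerts"] += 1
        s["peak_burst"] = max(s["peak_burst"], a["burst"])
        s["peak_avg"] = max(s["peak_avg"], a["avg"])
        s["exceeded"].update(a["exceeded"])
    return out

# Constructed sample log lines (not taken from the thread).
_T = ("%ASA-4-733100: [ {o}] drop rate-1 exceeded. Current burst rate is {b} "
      "per second, max configured rate is {bm}; Current average rate is {a} "
      "per second, max configured rate is {am}; Cumulative total count is {t}")
SAMPLE = [
    _T.format(o="Scanning", b=10, bm=10, a=245, am=5, t=147409),
    _T.format(o="ACL drop", b=900, bm=800, a=120, am=400, t=72000),
    "%ASA-6-302013: Built inbound TCP connection (constructed, unrelated line)",
    _T.format(o="Scanning", b=30, bm=10, a=8, am=5, t=150002),
]

if __name__ == "__main__":
    for category, stats in summarize(SAMPLE).items():
        print(category, stats)
```
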