
Implementation problems with Botnet on ASA-Context FW

Hi,

I'm currently trying to implement a trial Botnet Traffic Filter on an ASA5520 multicontext.

It's running in a data center, with ~10 customer contexts. When I tried to enable it, we had a bunch of dropped pings on different contexts. I'm not really sure if there is anything wrong in the configuration, or if this is some kind of bug, or even normal behavior. 

Licence is activated.

 

My config:

admin-context:

dns domain-lookup outside
dns server-group DefaultDNS
 name-server 8.8.8.8

system-context:

dynamic-filter updater-client enable

customer-context:

dynamic-filter use-database
access-list dynamic-filter_acl extended permit ip 10.140.1.0 255.255.255.0 any
dynamic-filter enable interface outside classify-list dynamic-filter_acl
policy-map global_policy
 class inspection_default
  inspect dns dynamic-filter-snoop

 

After implementing the commands on the system/admin context, the pings to google.com started to drop (4 drops, 6 ok, 3 drops, 10 ok, 1 drop, 1 ok,...).

Has anyone an idea how we can get this running without impact on our customers?

 

Regards,

Amir

 

 

 

1 REPLY


Hi Amir,

 

It's advised to use the local DNS or your ISP-provided DNS. That also could be the reason. Also, you are filtering for one subnet, which should not affect the other contexts or users.

 

Regards

Karthik
