Apologies if this has been covered before; I did a quick scan of forums here but might have missed a relevant post. I am dealing with a 'base license' Cisco 5505 ASA 8.0(2) using ASDM 6.0(2). I've noticed that normal background network traffic across the wire on my outbound interface tends to trip the default triggers on the Cisco 5505's "scanning-threat" IDS rule:
[Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 6 per second, max configured rate is 5; Cumulative total count is 3673.
I would like to increase the trigger values on these rules so that only unusual traffic will trip them. I believe the relevant CLI command for creating a new rule would be similar to the config lines above (just altering the average-rate and burst-rate params to be higher); however, attempting to do so earns me an "ERROR: rate-interval 600 already exists."
I'd guess there is a different command to overwrite an already existing policy line, or perhaps one to remove (clear?) an existing one, but I've been unable to locate such a command in the device manual or via the web. I do have a SMARTNet contract and could call support, but thought I would check here first. I'd much appreciate any info or advice.
Thank you for your reply... I'll check the Firewall section now!
>Obviously if you will adjust a setting that is already configured it should not be accepted.
This doesn't seem obvious to me; this is exactly what I am trying to do: adjust an already configured setting. I'd imagine there is different syntax required to change such a setting, but I can't seem to find it (yet).
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...