Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

how to completely ignore an IP address

      Once in a while, it becomes necessary to troubleshoot network activity and the packets' journey through the IPS.

Is there a simple way to completely ignore an IP address?

This question pertains to the asa 5585 with the IPS module and IME v7.1(6)E4.

I know how to 'ignore an ip address' in the ad0 of the Anomaly Detection feature of IME, but does this mean that no IPS processing occurs?

Please advise.

-Will

Everyone's tags (2)
2 REPLIES
VIP Purple

how to completely ignore an IP address

The filter (under event action rules) is the feature you are looking for. There you can tell the sensor to remove all actions for all signatures for this particular IP.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
Cisco Employee

how to completely ignore an IP address

Hi Will,

Like Karsten mentioned, event action filter is the way to ensure no IPS processing for the said IP/subnet.

Configuration from CLI:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_event_action_rules.html#wp1030749

Using IME:

http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/ime/ime_event_action_rules.html#wp2034816

HTH.

-

Regards,

Sourav Kakkar

258
Views
0
Helpful
2
Replies