Cisco Support Community

Intrusion Prevention System/ASA Blocking Devices Problem

SSM-20 IPS Module installed on the ASA 5520. Shunning works great when a problem is detected from outside interface to inside interface.

Here is my problem. When a remote VPN user connects (VPN Client/outside interface) and a problem is detected, the VPN client address is shunned (172.16.X.X) on the ASA, but the system can still connect to inside systems because they are at that point on the inside LAN.

I don't have any Cisco 6500 switches, so that is not an option. Can I create some sort of access list on my ASA or Cisco 3750 switches to deny access?
