Cisco Support Community
New Member

NeverShunAddress Token for Resets?

Does the NeverShunAddress token work for resets? If not, is there a token for NeverReset?

Cisco Employee

Re: NeverShunAddress Token for Resets?

The NeverShunAddress will not affect whether or not the sensor resets a TCP connection.

If you have a signature configured with a TCP Reset action, there are only 3 methods to prevent the TCP Reset from happening.

1) Use a switch which can prevent incoming packets from a SPAN port. This will of course prevent any and all TCP Resets from the sensor.

2) Set the action for the signature to None or an action such as Shun or IP Log without TCP Resets. No connections matching that signature will then be reset.

3) Exclude the signature for a given address set. This will prevent an alarm from firing for a given set of source and destination addresses for the signature. The TCP Resets will not get sent if the signature exclusion prevents the creation of the alarm.
