Need a Cisco nerd for a moment...


posted on Jan, 6 2016 @ 12:20 PM
link   
OK, so here is the skinny: I love fail2ban on my Linux servers at work, it does most of the work, but my boss likes to block the same offending IPs at the ASA 5510 firewall appliance. Shun is quick and simple unless you get 77 IPs in one list. Is there a way to auto ban offending IPs in ASA?




posted on Jan, 6 2016 @ 12:48 PM
link   
a reply to: sycomix

Yes, you can, in 2 ways... through the command line protocol or through the Cisco Management Software. Either way, you will need superuser level access to change any security settings that would block/allow IP addresses or VLANs or port assignments. Be careful though, the ASA devices are easy to lock out if the wrong command line is entered.



posted on Jan, 6 2016 @ 01:42 PM
link   
a reply to: willie75

You would not happen to have a link that I could use for reference?



posted on Jan, 6 2016 @ 03:05 PM
link   
It should be possible using scripts, but I'd normally leave it to the human to check it before doing bulk bans.

And double blocking is a waste of time; better it be banned at the firewall and job done rather than having to have some sort of distributed IP blocking system.



posted on Jan, 6 2016 @ 03:19 PM
link   
supportforums.cisco.com...

Ask a UC or Collaboration question and you might get an answer from me which is sort of like 6 degrees of separation running into people from ATS on a real world site. =)



posted on Jan, 6 2016 @ 04:14 PM
link   

originally posted by: sycomix
OK, so here is the skinny: I love fail2ban on my Linux servers at work, it does most of the work, but my boss likes to block the same offending IPs at the ASA 5510 firewall appliance. Shun is quick and simple unless you get 77 IPs in one list. Is there a way to auto ban offending IPs in ASA?


Whatever you decide to do, please save your config BEFORE making any changes and do not save again until AFTER testing. This way if you get locked out a simple reboot will load the old config.
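
An added example, not written by any poster in this thread: a small Python filter that turns a list of banned IPs (such as one collected from fail2ban) into ASA `shun` commands for a human to review before pasting, which addresses the bulk-ban and lockout concerns raised above. The function name, the protected networks and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: ranges that must never be shunned (admin workstations, own networks).
# Replace with the networks you manage the ASA from.
NEVER_SHUN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/28")]


def build_shun_batch(candidates, never_shun=NEVER_SHUN, already_shunned=()):
    """Return (commands, rejected) for a list of candidate IP strings.

    commands: 'shun <ip>' lines, de-duplicated, in input order.
    rejected: (text, reason) pairs that need a human decision.
    """
    seen = {ipaddress.ip_address(a) for a in already_shunned}
    commands, rejected = [], []
    for raw in candidates:
        text = raw.strip()
        if not text:
            continue
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            rejected.append((text, "not a valid IP address"))
            continue
        if addr.version != 4:
            # Assumption: this example only handles IPv4 entries.
            rejected.append((text, "not IPv4, review manually"))
        elif any(addr in net for net in never_shun):
            rejected.append((text, "inside a protected network"))
        elif addr.is_loopback or addr.is_multicast or addr.is_unspecified or addr.is_link_local:
            rejected.append((text, "special-purpose address"))
        elif addr not in seen:
            seen.add(addr)
            commands.append(f"shun {addr}")
    return commands, rejected


# Constructed sample input (documentation address ranges, not real offenders).
SAMPLE = ["203.0.113.45", "203.0.113.45 ", "198.51.100.7", "10.1.2.3",
          "999.1.1.1", "127.0.0.1", "2001:db8::1", ""]

if __name__ == "__main__":
    cmds, skipped = build_shun_batch(SAMPLE)
    print("! Review before pasting into the ASA:")
    print("\n".join(cmds))
    for text, reason in skipped:
        print(f"! skipped {text}: {reason}")
```

Entries in the rejected list are the ones most likely to cause a lockout or a typo-driven block, so they are reported rather than silently dropped.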



