
Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

Cisco 5510 - ASA SSL / IPsec VPN Edition
1822 pages
52-5
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 52 Using Protection Tools
Configuring IP Audit for Basic IPS Support
interfaces is also affected. When this option is not enabled, the adaptive security appliance silently
discards denied packets. This option is enabled by default. You might want to disable outbound
resets to reduce the CPU load during traffic storms, for example.
Configuring IP Audit for Basic IPS Support
The IP audit feature provides basic IPS support for the adaptive security appliance that does not have an
AIP SSM. It supports a basic list of signatures, and you can configure the adaptive security appliance to
perform one or more actions on traffic that matches a signature.
This section includes the following topics:
IP Audit Policy, page 52-5
Add/Edit IP Audit Policy Configuration, page 52-6
IP Audit Signatures, page 52-6
IP Audit Signature List, page 52-7
IP Audit Policy
The Configuration > Properties > IP Audit > IP Audit Policy pane lets you add audit policies and assign
them to interfaces. You can assign an attack policy and an informational policy to each interface. The
attack policy determines the action to take with packets that match an attack signature; the packet might
be part of an attack on your network, such as a DoS attack. The informational policy determines the
action to take with packets that match an informational signature; the packet is not currently attacking
your network, but could be part of an information-gathering activity, such as a port sweep. For a
complete list of signatures, see the IP Audit Signature List.
Fields
Name—Shows the names of the defined IP audit policies. Although the default actions for a named policy are listed in this table (“--Default Action--”), they are not named policies that you can assign to an interface. Default actions are used by named policies if you do not set an action for the policy. You can modify the default actions by selecting them and clicking the Edit button.
Type—Shows the policy type, either Attack or Info.
Action—Shows the actions taken against packets that match the policy: Alarm, Drop, and/or Reset. Multiple actions can be listed.
Add—Adds a new IP audit policy.
Edit—Edits an IP audit policy or the default actions.
Delete—Deletes an IP audit policy. You cannot delete a default action.
Policy-to-Interface Mappings—Assigns an attack and informational policy to each interface.
    Interface—Shows the interface name.
    Attack Policy—Lists the attack audit policy names available. Assign a policy to an interface by clicking the name in the list.
    Info Policy—Lists the informational audit policy names available. Assign a policy to an interface by clicking the name in the list.
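
The following is an added example, not part of the Cisco guide: a Python check that reads the CLI form of these settings (the `ip audit name`, `ip audit attack`, `ip audit info`, and `ip audit interface` lines of a running configuration) and reports the effective actions per interface, applying the default action wherever a named policy sets none. The sample configuration is constructed, the function names are hypothetical, and the code assumes the default action is alarm when no default line is present.

```python
# Constructed sample of ASA running-config lines (not taken from the guide).
SAMPLE_CONFIG = """\
ip audit name ATTACK-DROP attack action alarm drop
ip audit name INFO-DEFAULT info
ip audit info action alarm
ip audit attack action alarm reset
ip audit interface outside ATTACK-DROP
ip audit interface outside INFO-DEFAULT
ip audit interface dmz INFO-DEFAULT
"""
ACTIONS = {"alarm", "drop", "reset"}

def _actions(tokens):
    """Actions after the 'action' keyword, or None when no action is set."""
    if "action" not in tokens:
        return None
    return set(tokens[tokens.index("action") + 1:]) & ACTIONS

def parse_ip_audit(config):
    """Parse 'ip audit' lines into (policies, defaults, mappings)."""
    policies = {}   # policy name -> (type, actions or None)
    defaults = {"attack": {"alarm"}, "info": {"alarm"}}  # assumption: alarm
    mappings = {}   # interface -> [policy names]
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "audit"] or len(tok) < 3:
            continue
        if tok[2] == "name" and len(tok) >= 5 and tok[4] in defaults:
            policies[tok[3]] = (tok[4], _actions(tok[5:]))
        elif tok[2] in defaults and _actions(tok[3:]) is not None:
            defaults[tok[2]] = _actions(tok[3:])
        elif tok[2] == "interface" and len(tok) >= 5:
            mappings.setdefault(tok[3], []).append(tok[4])
    return policies, defaults, mappings

def effective_actions(config):
    """Map interface -> {'attack': [actions] or None, 'info': [actions] or None}."""
    policies, defaults, mappings = parse_ip_audit(config)
    result = {}
    for iface, names in mappings.items():
        entry = {"attack": None, "info": None}  # None = no policy of that type
        for name in names:
            if name in policies:  # skip mappings to undefined policies
                ptype, acts = policies[name]
                entry[ptype] = sorted(defaults[ptype] if acts is None else acts)
        result[iface] = entry
    return result

if __name__ == "__main__":
    for iface, entry in effective_actions(SAMPLE_CONFIG).items():
        for ptype, acts in entry.items():
            label = "NO POLICY ASSIGNED" if acts is None else ", ".join(acts)
            print(f"{iface:8} {ptype:7} {label}")
```

In the sample, the `dmz` interface has an informational policy but no attack policy, which is the gap this check is meant to surface.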
