52-6
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 52 Using Protection Tools
Configuring IP Audit for Basic IPS Support
Add/Edit IP Audit Policy Configuration
The Configuration > Properties > IP Audit > IP Audit Policy > Add/Edit IP Audit Policy Configuration
dialog box lets you add or edit a named IP audit policy that you can assign to interfaces, and lets you
modify the default actions for each signature type.
Fields
• Policy Name—Sets the IP audit policy name. You cannot edit the name after you add it.
• Policy Type—Sets the policy type. You cannot edit the policy type after you add it.
–
Attack—Sets the policy type as attack.
–
Information—Sets the policy type as informational.
• Action—Sets one or more actions to take when a packet matches a signature. If you do not choose
an action, then the default policy is used.
–
Alarm—Generates a system message showing that a packet matched a signature. For a complete
list of signatures, see IP Audit Signature List.
–
Drop—Drops the packet.
–
Reset—Drops the packet and closes the connection.
IP Audit Signatures
The Configuration > Properties > IP Audit > IP Audit Signatures pane lets you disable audit signatures.
You might want to disable a signature if legitimate traffic continually matches a signature, and you are
willing to risk disabling the signature to avoid large numbers of alarms.
For a complete list of signatures, see the “IP Audit Signature List” section on page 52-7.
Fields
• Enabled—Lists the enabled signatures.
• Disabled—Lists the disabled signatures.
• Disable—Moves the selected signature to the Disabled pane.
• Enable—Moves the selected signature to the Enabled pane.
To Next Page
Loading...
Need help?
General
