[c-nsp] ASA shun 'bug' acknowledged
Jeff Kell
jeff-kell at utc.edu
Wed May 3 22:50:52 EDT 2006
As I asked about earlier on the list, there is indeed an issue with the
ASA's shun behavior running 7.x software. If you're using shuns as an
IPS measure, take note.

If you issue a 'shun x.x.x.x' for an outside IP address, any existing
[TCP] connections with that IP are not affected. Traffic to and from
the IP continues to pass through the device. No *new* connections are
allowed with that IP as a source.

The bug ID is CSCse10714.

Jeff