28-5
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 28 Using Protection Tools
Configuring IP Audit for Basic IPS Support
Configuring IP Audit for Basic IPS Support
The IP audit feature provides basic IPS support for the ASA that does not have an AIP SSM. It supports
a basic list of signatures, and you can configure the ASA to perform one or more actions on traffic that
matches a signature.
This section includes the following topics:
• IP Audit Policy, page 28-5
• Add/Edit IP Audit Policy Configuration, page 28-5
• IP Audit Signatures, page 28-6
• IP Audit Signature List, page 28-6
IP Audit Policy
The Configuration > Firewall > Advanced > IP Audit > IP Audit Policy pane lets you add audit policies
and assign them to interfaces. You can assign an attack policy and an informational policy to each
interface. The attack policy determines the action to take with packets that match an attack signature;
the packet might be part of an attack on your network, such as a DoS attack. The informational policy
determines the action to take with packets that match an informational signature; the packet is not
currently attacking your network, but could be part of an information-gathering activity, such as a port
sweep. For a complete list of signatures, see the IP Audit Signature List.
Fields
• Name—Shows the names of the defined IP audit policies. Although the default actions for a named
policy are listed in this table (“--Default Action--”), they are not named policies that you can assign
to an interface. Default actions are used by named policies if you do not set an action for the policy.
You can modify the default actions by selecting them and clicking the Edit button.
• Type—Shows the policy type, either Attack or Info.
• Action—Shows the actions taken against packets that match the policy, Alarm, Drop, and/or Reset.
Multiple actions can be listed.
• Add—Adds a new IP audit policy.
• Edit—Edits an IP audit policy or the default actions.
• Delete—Deletes an IP audit policy. You cannot delete a default action.
• Policy-to-Interface Mappings—Assigns an attack and informational policy to each interface.
–
Interface—Shows the interface name.
–
Attack Policy—Lists the attack audit policy names available. Assign a policy to an interface by
clicking the name in the list.
–
Info Policy—Lists the informational audit policy names available. Assign a policy to an
interface by clicking the name in the list.
Add/Edit IP Audit Policy Configuration
The Configuration > Firewall > Advanced > IP Audit > IP Audit Policy >
Add/Edit IP Audit Policy Configuration dialog box lets you add or edit a named IP audit policy that you
can assign to interfaces, and lets you modify the default actions for each signature type.