Cisco ASA 5505 Configuration Manual page 1084

Asa 5500 series

Chapter 50: Configuring the Botnet Traffic Filter
Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, page 50-6

IPv6 Guidelines
Does not support IPv6.

Additional Guidelines and Limitations
- TCP DNS traffic is not supported.
- You can add up to 1000 blacklist entries and 1000 whitelist entries in the static database.

Default Settings
By default, the Botnet Traffic Filter is disabled, as is use of the dynamic database.
For DNS inspection, which is enabled by default, Botnet Traffic Filter snooping is disabled by default.

Configuring the Botnet Traffic Filter
This section includes the following topics:
- Task Flow for Configuring the Botnet Traffic Filter, page 50-6
- Configuring the Dynamic Database, page 50-7
- Adding Entries to the Static Database, page 50-8
- Enabling DNS Snooping, page 50-9
- Enabling Traffic Classification and Actions for the Botnet Traffic Filter, page 50-10
- Blocking Botnet Traffic Manually, page 50-12
- Searching the Dynamic Database, page 50-13

Task Flow for Configuring the Botnet Traffic Filter
To configure the Botnet Traffic Filter, perform the following steps:

Step 1  Enable use of the dynamic database. See the "Configuring the Dynamic Database" section on page 50-7.
This procedure enables database updates from the Cisco update server, and also enables use of the downloaded dynamic database by the adaptive security appliance. Disallowing use of the downloaded database is useful in multiple context mode so you can configure use of the database on a per-context basis.

Step 2  (Optional) Add static entries to the database. See the "Adding Entries to the Static Database" section on page 50-8.
This procedure lets you augment the dynamic database with domain names or IP addresses that you want to blacklist or whitelist. You might want to use the static database instead of the dynamic database if you do not want to download the dynamic database over the Internet.

Step 3  Enable DNS snooping. See the "Enabling DNS Snooping" section on page 50-9.
This procedure enables inspection of DNS packets, compares the domain name with those in the dynamic database or the static database (when a DNS server for the adaptive security appliance is unavailable), and adds the name and IP address to the DNS reverse lookup cache. This cache is then used by the Botnet Traffic Filter when connections are made to the suspicious address.
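
Steps 1 through 3 above, written as the equivalent ASA CLI configuration. This is an added example, not part of the Cisco manual page, which describes the ASDM procedure. The interface name outside, the DNS server address, the domain names, the network, and the class-map and policy-map names are constructed placeholders.

```cisco
! Assumption: the appliance reaches its DNS server through the interface
! named "outside"; 192.0.2.53 is a constructed placeholder address.
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 192.0.2.53
!
! Step 1: enable updates from the Cisco update server, then enable use of
! the downloaded dynamic database. These are two separate settings, which
! is what allows database use to be decided per context in multiple
! context mode.
dynamic-filter updater-client enable
dynamic-filter use-database
!
! Step 2 (optional): static entries that augment the dynamic database.
! Limit stated in the guidelines: 1000 blacklist and 1000 whitelist entries.
! All names and addresses below are constructed examples.
dynamic-filter blacklist
 name bad.example.com
 address 198.51.100.0 255.255.255.0
dynamic-filter whitelist
 name good.example.com
!
! Step 3: DNS snooping. Only UDP DNS is matched, because TCP DNS traffic
! is not supported. Snooping fills the DNS reverse lookup cache that the
! Botnet Traffic Filter consults when a connection is made to an address.
class-map dynamic-filter-snoop-class
 match port udp eq domain
policy-map dynamic-filter-snoop-policy
 class dynamic-filter-snoop-class
  inspect dns preset_dns_map dynamic-filter-snoop
service-policy dynamic-filter-snoop-policy interface outside
```

These commands only populate the databases and the DNS reverse lookup cache. What happens to matching connections is configured separately, under "Enabling Traffic Classification and Actions for the Botnet Traffic Filter".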


This manual is also suitable for:

ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
