ASA DDoS protection

Cisco ASA devices provide basic DoS attack detection by monitoring the rates at which packets are dropped for various reasons. It generates statistics that can then be analyzed, and the type of attack being experienced can be determined.

Distributed DoS attacks (DDoS) are a different story. Because these are distributed, it is not possible for an ASA to detect them, let alone protect against them, because of the fact that there are many different source In order to achieve this, you would need to use a Next-Generation FireWall (NGFW) such as Cisco FirePower or similar products from other vendors.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/firewall/asa-98-firewall-config/conns-threat.html#ID-2132-000000e5

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113685-asa-threat-detection.html

https://www.cisco.com/c/en/us/products/security/secure-ddos-protection/index.html