Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco ASA IPSec Spoof Detected

Status
Not open for further replies.
tbierl

tbierl

IS-IT--Management
Jan 28, 2013
1
US
I have a situation were we have a remote site connected with a ASA 5505 to our ASA 5525-x, then forwording out another tunnel via a 1870 series router. The problem is when it passes through the 5525 in the middle, it blocks the connection as IPSec Spoof Detected. What should I check to resolve this problem. FYI-I am holding off on posting configs because I want to learn where the problem lies, not just fix it.
 
Sort by date Sort by votes
ANti-spoofing basically defines some networks as "internal" and all the rest as "external", and then any "internal" IP address that appears on the external interface is therefore obviously spoofed and must be dropped.
 
Upvote 0 Downvote
Could be a NAT issue, as in VPN pool addresses not being excluded from being NATted back out...

10 ? "TIMMAY!!!"
20 goto 10
run
TIMMAY!!!...
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
339
intel233
intel233
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
377
intel233
intel233
AllenH12
  • Locked
  • Question
Bandwidth in Cisco ASA 5505
Replies
2
Views
223
AllenH12
AllenH12
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
95
WhosYourDiffie
WhosYourDiffie
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
100
PauS0n
PauS0n

Part and Inventory Search

Sponsor

Back
Top