Syslog messages on a ASA 5510

[Daveyd123]

I am receiving a lot of the following messages from my ASA:

03-15-2007 11:16:46 Local4.Critical 192.168.x.x %ASA-2-106016: Deny IP spoof from (our public IP) to Email_NAT on interface outside


The Deny spoof is coming from my Outside Interface on the ASA and is going to our Email_Nat internal IP address.

Should this be a concern? Why is it coming from the outside interface and not coming from another public IP address?

 

[Daveyd123]

anyone?

 

[Daveyd123]

ttt

 

[horus42]

It's bit difficult to say because it will depend on what you have connected to the public interface.

For example if you have remote VPN configured and you are assigning IPs in the above range to your users you could get the above message.

However if this is connected to your router and you expect to see only public IPs then you should take some basic steps, such as blocking all private IPs on the router so it doesn't even reach your firewall, you should make sure that you use the router as your first layer of security.


Hope that helps.

 

[Daveyd123]

We have SSL VPN clients coming in but are assigned IPs in the 172.20.x.x range.

 

[horus42]

I would block anything with source private IP on my edge routers.

 

[Daveyd123]

Not sure I quite understand. Can you please elaborate?