Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Syslog messages on a ASA 5510

Status
Not open for further replies.

Daveyd123

MIS
Aug 25, 2004
413
US
I am receiving a lot of the following messages from my ASA:

03-15-2007 11:16:46 Local4.Critical 192.168.x.x %ASA-2-106016: Deny IP spoof from (our public IP) to Email_NAT on interface outside


The Deny spoof is coming from my Outside Interface on the ASA and is going to our Email_Nat internal IP address.

Should this be a concern? Why is it coming from the outside interface and not coming from another public IP address?
 
It's bit difficult to say because it will depend on what you have connected to the public interface.

For example if you have remote VPN configured and you are assigning IPs in the above range to your users you could get the above message.

However if this is connected to your router and you expect to see only public IPs then you should take some basic steps, such as blocking all private IPs on the router so it doesn't even reach your firewall, you should make sure that you use the router as your first layer of security.


Hope that helps.
 
We have SSL VPN clients coming in but are assigned IPs in the 172.20.x.x range.
 
I would block anything with source private IP on my edge routers.

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top