Deny IP spoof on Cisco ASA

Deny IP spoof on Cisco ASA

on 09.07.2007 10:57:13 by Chris

Hi all,

Hopefully you can help with a problem I am having with Cisco syslog
message ASA-2-106016.

Basically we have a /27 public address range in our network and during
testing we are trying to prove that the access-lists on our firewall
are behaving as they should. The access-list allows through any traffic
from the /27 network on the inside interface and blocks any traffic
between the /27 network into the outside interface. Therefore if we
try to connect to ourselves the traffic should be stopped coming back
in on the outside interface.

What is actually happening is that one address is actually being
stopped from getting into the inside interface and the syslog message
is "Deny IP spoof from (our IP address) to (broadcast address of our
range) on interface inside". Addresses either side of the blocked
address work so we don't think it could be misconfiguration of mask.

Would anyone have an idea as to why this happens?

Many thanks,

Chris

Re: Deny IP spoof on Cisco ASA

on 09.07.2007 12:31:03 by Chris

On 9 Jul, 09:57, Chris wrote:
> Hi all,
>
> Hopefully you can help with a problem I am having with Cisco syslog
> message ASA-2-106016.
>
> Basically we have a /27 public address range in our network and during
> testing we are trying to prove that the access-lists on our firewall
> are behaving as they should. The access-list allows through any traffic
> from the /27 network on the inside interface and blocks any traffic
> between the /27 network into the outside interface. Therefore if we
> try to connect to ourselves the traffic should be stopped coming back
> in on the outside interface.
>
> What is actually happening is that one address is actually being
> stopped from getting into the inside interface and the syslog message
> is "Deny IP spoof from (our IP address) to (broadcast address of our
> range) on interface inside". Addresses either side of the blocked
> address work so we don't think it could be misconfiguration of mask.
>
> Would anyone have an idea as to why this happens?
>
> Many thanks,
>
> Chris

D'oh! Case now closed. Despite me saying that there wasn't misconfig
it turns out that the management IP address was configured with the
wrong mask.
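
Added example (not part of the thread above, and not Cisco's code): the symptom Chris reports, one host in the middle of the /27 rejected with 106016 while its neighbours pass, is exactly what a too-long mask on an interface produces. A /27 mis-entered as /28 splits the block into two /28s, so the first sub-block's directed broadcast (offset .15) is a perfectly valid host of the real /27, and the firewall's anti-spoof check refuses to forward to what it computes as a broadcast. The script below shows which real hosts a given wrong mask turns into broadcasts, and parses a 106016 line to check whether a mask error explains it. The /27 (RFC 5737 documentation space) and the sample log line are constructed; the syslog format assumed is "%ASA-2-106016: Deny IP spoof from (src) to dst on interface name", with the parentheses treated as optional.

```python
"""Why a wrong interface mask makes an ASA log 106016 for one host in a /27.

Added example, not from the thread. Addresses are constructed
(RFC 5737 documentation space), not the poster's real range.
"""
import ipaddress
import re

# Constructed: stands in for the poster's public /27.
PUBLIC_RANGE = ipaddress.ip_network("198.51.100.0/27")

# Constructed sample of the syslog line the poster describes. Assumed format:
# "%ASA-2-106016: Deny IP spoof from (src) to dst on interface name".
SAMPLE_LOG = ("%ASA-2-106016: Deny IP spoof from (198.51.100.3) "
              "to 198.51.100.15 on interface inside")

SPOOF_RE = re.compile(
    r"%ASA-2-106016: Deny IP spoof from \(?(?P<src>[\d.]+)\)?"
    r" to \(?(?P<dst>[\d.]+)\)? on interface (?P<ifc>\S+)"
)


def broadcasts_under_mask(network, configured_prefix):
    """Broadcast addresses the firewall believes exist if an interface in
    `network` is configured with `configured_prefix` instead of the true one.

    A longer prefix splits the real block into sub-blocks, each with its own
    directed broadcast; a shorter prefix merges it into a supernet whose
    single broadcast lies outside the real block.
    """
    if configured_prefix < network.prefixlen:
        return {network.supernet(new_prefix=configured_prefix).broadcast_address}
    return {sub.broadcast_address
            for sub in network.subnets(new_prefix=configured_prefix)}


def hosts_misread_as_broadcast(network, configured_prefix):
    """Real host addresses of `network` that a mis-masked interface treats as
    a subnet-directed broadcast. Traffic to these trips the spoof check while
    the neighbouring addresses pass, which is the symptom in the thread."""
    real_hosts = set(network.hosts())
    return sorted(real_hosts & broadcasts_under_mask(network, configured_prefix))


def diagnose(log_line, network, configured_prefix):
    """Parse one 106016 line and report whether a mask error explains it.

    Returns None if the line is not a 106016 message."""
    m = SPOOF_RE.search(log_line)
    if m is None:
        return None
    dst = ipaddress.ip_address(m["dst"])
    is_real_host = (
        dst in network
        and dst not in (network.network_address, network.broadcast_address)
    )
    return {
        "src": m["src"],
        "dst": str(dst),
        "interface": m["ifc"],
        "dst_is_real_host": is_real_host,
        "mask_error_explains_it":
            dst in hosts_misread_as_broadcast(network, configured_prefix),
    }


if __name__ == "__main__":
    # Compare the real /27 against a few plausible typos in the mask.
    for prefix in (26, 27, 28, 29):
        hit = [str(a) for a in hosts_misread_as_broadcast(PUBLIC_RANGE, prefix)]
        print(f"/{prefix} configured on a real /{PUBLIC_RANGE.prefixlen}: "
              f"hosts misread as broadcast = {hit}")
    print(diagnose(SAMPLE_LOG, PUBLIC_RANGE, configured_prefix=28))
```

Running it with the real /27 configured as /28 names 198.51.100.15 as the one host that will be rejected; as /29 it names .7, .15 and .23; a shorter mask (/26) or the correct one names none, so in that case 106016 on a host address points somewhere other than the mask. The same check can be run on a live ASA's own log lines with the site's real block and the prefix actually typed on the interface.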