Discussion:
Deny IP spoof on Cisco ASA
Chris
2007-07-09 08:57:13 UTC
Hi all,

Hopefully you can help with a problem I am having with Cisco syslog
message ASA-2-106016.

Basically we have a /27 public address range in our network and during
testing we are trying to prove that the access-lists on our firewall
are behaving as they should. The access-list allows through any traffic
from the /27 network on the inside interface and blocks any traffic
from the /27 network into the outside interface. Therefore if we
try to connect to ourselves the traffic should be stopped coming back
in on the outside interface.

What is actually happening is that one address is being
stopped from getting into the inside interface and the syslog message
is "Deny IP spoof from (our IP address) to (broadcast address of our
range) on interface inside". Addresses on either side of the blocked
address work, so we don't think it could be a misconfiguration of the mask.

Would anyone have an idea as to why this happens?

Many thanks,

Chris
Chris
2007-07-09 10:31:03 UTC
Post by Chris
Hi all,
Hopefully you can help with a problem I am having with Cisco syslog
message ASA-2-106016.
Basically we have a /27 public address range in our network and during
testing we are trying to prove that the access-lists on our firewall
are behaving as they should. The access-list allows through any traffic
from the /27 network on the inside interface and blocks any traffic
from the /27 network into the outside interface. Therefore if we
try to connect to ourselves the traffic should be stopped coming back
in on the outside interface.
What is actually happening is that one address is being
stopped from getting into the inside interface and the syslog message
is "Deny IP spoof from (our IP address) to (broadcast address of our
range) on interface inside". Addresses on either side of the blocked
address work, so we don't think it could be a misconfiguration of the mask.
Would anyone have an idea as to why this happens?
Many thanks,
Chris
D'oh! Case now closed. Despite my saying that there wasn't a misconfiguration,
it turns out that the management IP address was configured with the
wrong mask.
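The resolution above fits a general pattern: a mask that is too long carves the real range into smaller subnets, and the network and broadcast addresses of those smaller subnets fall on ordinary hosts, which is why a single address in the middle of the range fails while its neighbours work. The helper below is an added illustration, not code from the thread; the 203.0.113.32/27 range, the /28 mask and the log line are constructed examples.

```python
import ipaddress
import re

# Matches the ASA 106016 text quoted in the thread; parentheses are optional.
SPOOF_RE = re.compile(
    r"Deny IP spoof from \(?([\d.]+)\)? to \(?([\d.]+)\)? on interface (\S+)"
)


def misread_addresses(real_network, configured_prefix):
    """Host addresses of real_network that an interface configured with
    configured_prefix (instead of the real prefix) would treat as a subnet
    network or broadcast address.  A mask that is too short creates no such
    collision inside the real range, so only longer masks are examined."""
    real = ipaddress.ip_network(real_network, strict=True)
    hits = []
    if configured_prefix <= real.prefixlen or configured_prefix > real.max_prefixlen:
        return hits
    for sub in real.subnets(new_prefix=configured_prefix):
        for special in (sub.network_address, sub.broadcast_address):
            # Keep only addresses that are plain hosts of the real range.
            if real.network_address < special < real.broadcast_address:
                hits.append(str(special))
    return hits


def check_spoof_line(line, real_network, configured_prefix):
    """Parse a 106016 line and report whether the configured mask on the
    interface explains the drop (source or destination is a misread host)."""
    m = SPOOF_RE.search(line)
    if not m:
        return None
    src, dst, iface = m.groups()
    suspects = set(misread_addresses(real_network, configured_prefix))
    return {
        "src": src,
        "dst": dst,
        "interface": iface,
        "mask_explains_it": src in suspects or dst in suspects,
    }


if __name__ == "__main__":
    # Constructed sample: real range is a /27, interface mask typed as /28.
    line = "%ASA-2-106016: Deny IP spoof from 203.0.113.47 to 203.0.113.63 on interface inside"
    print(misread_addresses("203.0.113.32/27", 28))
    print(check_spoof_line(line, "203.0.113.32/27", 28))
</test>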
