https://community.cisco.com/t5/network-security/deny-ip-spoof/m-p/685001#M1031134 <HTML><HEAD></HEAD><BODY><P>Hello reto,</P><P></P><P>what is the source of the spoof attack coming from ?? if it is one of these, then the PIX blocks all the spoof traffic by default, since thats the way it is supposed to work:</P><P></P><P>1) 127.0.0.1 - loopback</P><P>2) broadcast address</P><P>3) land.c subnets - your same network...</P><P></P><P>If it is something else, we have to analyse what IP is that and see if it is required.. Are you not able to connect to the PIX outside at all from the internet ?? this should not be the case.. can you do a tracert and find out where it is dropping ?? Are there any other log messages on the PIX ?? Try going to internet through a laptop.. take the IP of that laptop and connect to PIX. see if there are any packets hitting the firewall with that laptop's IP ... am sure you can nail down the issue...</P><P></P><P>Hope this helps.. let us know..</P><P></P><P>Raj</P></BODY></HTML> Fri, 26 Jan 2007 06:07:40 GMT sachinraja 2007-01-26T06:07:40Z https://community.cisco.com/t5/network-security/deny-ip-spoof/m-p/685000#M1031080 <P>Hi,</P><P>I'm using an ASA5510. I want enable VPN-Client Access, but there is always the Message: "Deny ip Spoof from (..) on Interface outside". I'm also not able to ping this device. ACL's are open and the command:</P><P>icmp permit any unreachable outside</P><P>icmp permit any outside </P><P></P><P>Could someone give me a solution?</P><P></P><P>thanks</P> Mon, 11 Mar 2019 09:24:24 GMT https://community.cisco.com/t5/network-security/deny-ip-spoof/m-p/685000#M1031080 reto.rutishauser 2019-03-11T09:24:24Z https://community.cisco.com/t5/network-security/deny-ip-spoof/m-p/685001#M1031134 <HTML><HEAD></HEAD><BODY><P>Hello reto,</P><P></P><P>what is the source of the spoof attack coming from ?? if it is one of these, then the PIX blocks all the spoof traffic by default, since thats the way it is supposed to work:</P><P></P><P>1) 127.0.0.1 - loopback</P><P>2) broadcast address</P><P>3) land.c subnets - your same network...</P><P></P><P>If it is something else, we have to analyse what IP is that and see if it is required.. Are you not able to connect to the PIX outside at all from the internet ?? this should not be the case.. can you do a tracert and find out where it is dropping ?? Are there any other log messages on the PIX ?? Try going to internet through a laptop.. take the IP of that laptop and connect to PIX. see if there are any packets hitting the firewall with that laptop's IP ... am sure you can nail down the issue...</P><P></P><P>Hope this helps.. let us know..</P><P></P><P>Raj</P></BODY></HTML> Fri, 26 Jan 2007 06:07:40 GMT https://community.cisco.com/t5/network-security/deny-ip-spoof/m-p/685001#M1031134 sachinraja 2007-01-26T06:07:40Z