https://community.cisco.com/t5/network-security/syslog-anormal-amount-of-warning-message-asa-4-106023/m-p/3860016#M25966 <P>This is normal as this is FW, it always block the traffic which was not allowed.</P> <P>Only you need to worry about is, is there any traffic from inside originating ?</P> Tue, 21 May 2019 11:06:40 GMT balaji.bandi 2019-05-21T11:06:40Z https://community.cisco.com/t5/network-security/syslog-anormal-amount-of-warning-message-asa-4-106023/m-p/3860012#M25965 <P>Greetings,</P><P>&nbsp;</P><P>I'm getting a very large amount (sometime 10 or 15 per seconds) of&nbsp;<SPAN class="pEM_ErrMsg">%ASA-4-106023</SPAN>&nbsp; warnings in the realtime syslog console of a 5506 ASA.</P><P>%ASA-4-106023: Deny icmp(or UDP) src Outside:<SPAN><STRONG>X</STRONG></SPAN> dst Inside: <SPAN><STRONG>Y</STRONG></SPAN></P><P>&nbsp;</P><P>Where sources are always different publics IPs (X) but the destinations are always the same 2 internal IP addresses in my network (which are not leased and have never been leased by the DHCP server nor fixed).</P><P>&nbsp;</P><P>The router CPU is still under 15% but I'm wondering how to prevent these warnings.</P><P>I would also like to understand what that really means ?</P><P>&nbsp;</P><P>Thanks you for your insights on that matter.</P><P>Frederique</P><P>&nbsp;</P> Tue, 21 May 2019 11:02:36 GMT https://community.cisco.com/t5/network-security/syslog-anormal-amount-of-warning-message-asa-4-106023/m-p/3860012#M25965 FrederiqueCD 2019-05-21T11:02:36Z https://community.cisco.com/t5/network-security/syslog-anormal-amount-of-warning-message-asa-4-106023/m-p/3860016#M25966 <P>This is normal as this is FW, it always block the traffic which was not allowed.</P> <P>Only you need to worry about is, is there any traffic from inside originating ?</P> Tue, 21 May 2019 11:06:40 GMT https://community.cisco.com/t5/network-security/syslog-anormal-amount-of-warning-message-asa-4-106023/m-p/3860016#M25966 balaji.bandi 2019-05-21T11:06:40Z https://community.cisco.com/t5/network-security/syslog-anormal-amount-of-warning-message-asa-4-106023/m-p/3860045#M25967 <P>Hello BB,</P><P>Thanks you for your answer. Actually this hosts is alive and is opening session with the internet.</P><P>&nbsp;</P><P>But why is there so many denied udp/icmp packets ? Are they returned packets ? or is it something different ?</P><P>&nbsp;</P> Tue, 21 May 2019 11:45:33 GMT https://community.cisco.com/t5/network-security/syslog-anormal-amount-of-warning-message-asa-4-106023/m-p/3860045#M25967 FrederiqueCD 2019-05-21T11:45:33Z https://community.cisco.com/t5/network-security/syslog-anormal-amount-of-warning-message-asa-4-106023/m-p/3860079#M25968 <P>FW act based on the Rules you have setup on your network.</P> <P>&nbsp;</P> <P>So if this Live Host, i will investigate why this IP sending too many request outside and they are Denied.</P> <P>This is unusual single device sending ICMP outside. I will start with Local Device and investigate with remote IP it try to send ICMP</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 21 May 2019 12:39:54 GMT https://community.cisco.com/t5/network-security/syslog-anormal-amount-of-warning-message-asa-4-106023/m-p/3860079#M25968 balaji.bandi 2019-05-21T12:39:54Z