https://community.cisco.com/t5/network-security/blocking-quot-bogon-quot-traffic-aka-private-ip-on-the-outside/m-p/2404108#M307943 <HTML><HEAD></HEAD><BODY><P>Hello Stephen,</P><P></P><P>If you have configured the outside interface with security level 0, then it will block all traffic unless permitted on an ACL.</P><P>So if you don’t have any ACL on the outside, then there is no need to block it, If you have an ACL just confirm the traffic is not permitted, otherwise the ASA will apply the implicit 'deny ip any any'</P><P></P><P></P><P>Regards,</P><P></P><P>Felipe.</P><P></P><P></P><P>Remember to rate useful posts. </P></BODY></HTML> Tue, 03 Dec 2013 00:46:23 GMT lcambron 2013-12-03T00:46:23Z https://community.cisco.com/t5/network-security/blocking-quot-bogon-quot-traffic-aka-private-ip-on-the-outside/m-p/2404107#M307941 <P style="margin-bottom: 0pt;">Is it necessary to block “bogon” networks on the outside interface or does the Cisco ASA firewall do it by default.</P><P></P><P style="margin-bottom: 0pt;">I noticed this line below on my logs and it kind of scared me for sec..</P><P></P><P style="margin-bottom: 0pt;">2013-11-27 T13:27:55.540306-05:00 ga-asa-5505-50 : %ASA-session-6-302016: Teardown UDP connection 6480256 for outside:<STRONG>192.168.1.10/5061 </STRONG>to inside:A-<STRONG>192.168.110.4/5060 </STRONG>duration 17:19:43 bytes 20060171</P><P></P><P style="margin-bottom: 0pt;">It looks like the traffic came from outside the network from <STRONG>192.168.1.10</STRONG></P><P style="margin-bottom: 0pt;"><STRONG> </STRONG></P><P style="margin-bottom: 0pt;"><STRONG> </STRONG></P><P style="margin-bottom: 0pt;"><STRONG>So if that the case would the access list below block those "private" networks.</STRONG></P><P style="margin-bottom: 0pt;"><STRONG> </STRONG></P><P style="margin-bottom: 0pt;"><STRONG>What is aim to block</STRONG></P><P style="margin-bottom: 0pt;"><STRONG> </STRONG></P><P>10.0.0.0/8&nbsp; (A)</P><P>172.16.0.0/12 (B)</P><P>192.168.0.0/16 (C)</P><P>224.0.0.0/4 (MULTICAST D)</P><P>240.0.0.0/5 (E)</P><P>127.0.0.0/8 (LOOPBACK)<SPAN id="mce_marker"> </SPAN>10.0.0.0/8&nbsp; (A)<BR />172.16.0.0/12 (B)<BR />192.168.0.0/16 (C)<BR />224.0.0.0/4 (MULTICAST D)<BR />240.0.0.0/5 (E)<BR />127.0.0.0/8 (LOOPBACK)</P><P style="margin-bottom: 0pt;"><STRONG> </STRONG></P><P style="margin-bottom: 0pt;"><STRONG> </STRONG></P><P style="margin-bottom: 0pt;"><STRONG> </STRONG></P><P style="margin-bottom: 0pt;"><STRONG>--------------------------------------------------------</STRONG></P><P style="margin-bottom: 0pt;"><STRONG> </STRONG></P><P style="margin-bottom: 0pt;"><STRONG> </STRONG></P><P><STRONG>object-group network bogons</STRONG></P><P><STRONG>network-object 10.0.0.0 255.0.0.0</STRONG><BR /><STRONG>network-object 172.16.0.0 255.240.0.0</STRONG><BR /><STRONG>network-object 192.168.0.0 255.255.0.0</STRONG><BR /><STRONG>network-object 224.0.0.0 240.0.0.0</STRONG><BR /><STRONG>network-object 240.0.0.0 248.0.0.0</STRONG><BR /><STRONG>network-object 127.0.0.0 255.0.0.0</STRONG></P><P><BR /><STRONG>access-list world extended deny ip object-group bogons any</STRONG></P><P><STRONG>access-group world in interface outside</STRONG></P><P><STRONG>------------------------------------------------------</STRONG></P><P><STRONG> </STRONG></P><P><STRONG> </STRONG></P> Tue, 12 Mar 2019 03:11:42 GMT https://community.cisco.com/t5/network-security/blocking-quot-bogon-quot-traffic-aka-private-ip-on-the-outside/m-p/2404107#M307941 stevechege 2019-03-12T03:11:42Z https://community.cisco.com/t5/network-security/blocking-quot-bogon-quot-traffic-aka-private-ip-on-the-outside/m-p/2404108#M307943 <HTML><HEAD></HEAD><BODY><P>Hello Stephen,</P><P></P><P>If you have configured the outside interface with security level 0, then it will block all traffic unless permitted on an ACL.</P><P>So if you don’t have any ACL on the outside, then there is no need to block it, If you have an ACL just confirm the traffic is not permitted, otherwise the ASA will apply the implicit 'deny ip any any'</P><P></P><P></P><P>Regards,</P><P></P><P>Felipe.</P><P></P><P></P><P>Remember to rate useful posts. </P></BODY></HTML> Tue, 03 Dec 2013 00:46:23 GMT https://community.cisco.com/t5/network-security/blocking-quot-bogon-quot-traffic-aka-private-ip-on-the-outside/m-p/2404108#M307943 lcambron 2013-12-03T00:46:23Z https://community.cisco.com/t5/network-security/blocking-quot-bogon-quot-traffic-aka-private-ip-on-the-outside/m-p/2404109#M307946 <HTML><HEAD></HEAD><BODY><P>Thank you.....You are correct...i was just freaking out. It turns out to be a host from a "site-to-site" VPN connection that is allowed.</P><P>I guess i deal with alot of IPTABLES configurations, so i defaulted to thinking that way.</P><P></P><P>i.e on the public interface. (linux iptables).</P><P></P><P><SPAN> </SPAN></P><P><SPAN># iptables -A INPUT -i eth1 -s 192.168.0.0/24 -j DROP</SPAN><BR /><SPAN># iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP</SPAN></P><P></P><P>Thanks for the refresher.</P><P></P><P>Good day.</P></BODY></HTML> Tue, 03 Dec 2013 01:35:57 GMT https://community.cisco.com/t5/network-security/blocking-quot-bogon-quot-traffic-aka-private-ip-on-the-outside/m-p/2404109#M307946 stevechege 2013-12-03T01:35:57Z