https://community.cisco.com/t5/network-security/reverse-path-check/m-p/2039591#M438197 <HTML><HEAD></HEAD><BODY><P>Hello Shivaji,</P><P></P><P>1) Yes, the route-lookup goes first than the ACL.</P><P></P><P>What is on the internal network, what other device? </P><P></P><P><STRONG>Any other question..Sure..Just remember to rate all of my answers.</STRONG></P><P></P><P>Julio</P></BODY></HTML> Mon, 15 Oct 2012 17:23:19 GMT Julio Carvajal 2012-10-15T17:23:19Z https://community.cisco.com/t5/network-security/reverse-path-check/m-p/2039590#M438196 <P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Hi,</P><P></P><P>I am getting following maessage on my ASA %ASA-1-106021: Deny UDP reverse path check from 192.168.1.220 to 10.192.0.249 on interface inside.</P><P></P><P>192.168.1.220 is not there in my network and I have enabled the RPF on ASA so it is obious that it is getting blocked..</P><P>My challenge is to find out the actual souce device for 192.168.1.220 and to block these logs from reflecting. I tried following but could not succeed,</P><P></P><P>1) Applied ACL on interface interface in line 1 denying all traffic from 192.168.1.220 to 10.192.0.249 (Outside), but still RPF message continues with no hits on this ACL. I am wondering if ACL comes first or RPF</P><P></P><P>2) Connected sniffer in the vlan of Inside interface but could not get any logs for these two IPs.</P> Tue, 12 Mar 2019 00:09:01 GMT https://community.cisco.com/t5/network-security/reverse-path-check/m-p/2039590#M438196 central_bank 2019-03-12T00:09:01Z https://community.cisco.com/t5/network-security/reverse-path-check/m-p/2039591#M438197 <HTML><HEAD></HEAD><BODY><P>Hello Shivaji,</P><P></P><P>1) Yes, the route-lookup goes first than the ACL.</P><P></P><P>What is on the internal network, what other device? </P><P></P><P><STRONG>Any other question..Sure..Just remember to rate all of my answers.</STRONG></P><P></P><P>Julio</P></BODY></HTML> Mon, 15 Oct 2012 17:23:19 GMT https://community.cisco.com/t5/network-security/reverse-path-check/m-p/2039591#M438197 Julio Carvajal 2012-10-15T17:23:19Z https://community.cisco.com/t5/network-security/reverse-path-check/m-p/2039592#M438198 <HTML><HEAD></HEAD><BODY><P> But how do I find out the actual source. 192.168.x.x is not used in my network.</P><P>I tried using Sniffer but that did not show up anything with this IP address.</P><P></P><P>Shivaji</P></BODY></HTML> Tue, 16 Oct 2012 07:34:32 GMT https://community.cisco.com/t5/network-security/reverse-path-check/m-p/2039592#M438198 central_bank 2012-10-16T07:34:32Z https://community.cisco.com/t5/network-security/reverse-path-check/m-p/2039593#M438199 <HTML><HEAD></HEAD><BODY><P>Hello Shivaji,</P><P></P><P>I know what you mean but if the ASA reports it. that means it is happening.</P><P></P><P>Someone is using that Ip on your internal network.....</P><P></P><P>Can you provide me the captures you applied on your ASA?</P><P></P><P><STRONG style="background-color: #f7fafb; border-collapse: collapse; font-size: 11.818181991577148px; list-style: none; font-family: Arial, verdana, sans-serif;">Any other question..Sure..Just remember to rate all of my answers.</STRONG></P></BODY></HTML> Tue, 16 Oct 2012 12:13:13 GMT https://community.cisco.com/t5/network-security/reverse-path-check/m-p/2039593#M438199 Julio Carvajal 2012-10-16T12:13:13Z