https://community.cisco.com/t5/network-security/cisco-asa-5520-how-can-i-get-rid-of-this-spoofing/m-p/1627894#M594112 <HTML><HEAD></HEAD><BODY><P>the source<SPAN style="background-color: #f8fafd;"> of this ssh connection lives behind the inside interface.</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">sh run route<BR />route inside 10.10.2.0 255.255.255.0 12.12.7.33</SPAN></P></BODY></HTML> Sat, 15 Jan 2011 16:55:11 GMT west33637 2011-01-15T16:55:11Z https://community.cisco.com/t5/network-security/cisco-asa-5520-how-can-i-get-rid-of-this-spoofing/m-p/1627891#M594109 <P>Hello all. Everytime I try to ssh to my ASA inside interface (12.12.7.36) from 10.10.2.3. I get the following error in my logs. how can I get rid of this?</P><P></P><P>Deny IP spoof from (12.12.7.36) to 10.10.2.3 on interface inside.</P> Mon, 11 Mar 2019 19:35:35 GMT https://community.cisco.com/t5/network-security/cisco-asa-5520-how-can-i-get-rid-of-this-spoofing/m-p/1627891#M594109 west33637 2019-03-11T19:35:35Z https://community.cisco.com/t5/network-security/cisco-asa-5520-how-can-i-get-rid-of-this-spoofing/m-p/1627892#M594110 <HTML><HEAD></HEAD><BODY><P>Seems you have...</P><P></P><P>ip verify reverse-path interface inside</P><P></P><P>Try removing it and test.</P></BODY></HTML> Sat, 15 Jan 2011 04:57:00 GMT https://community.cisco.com/t5/network-security/cisco-asa-5520-how-can-i-get-rid-of-this-spoofing/m-p/1627892#M594110 jdlampard 2011-01-15T04:57:00Z https://community.cisco.com/t5/network-security/cisco-asa-5520-how-can-i-get-rid-of-this-spoofing/m-p/1627893#M594111 <HTML><HEAD></HEAD><BODY><P>Doesn't look like the source IP of this SSH connection lives/belongs behind the inside interface. Check "sh run route".</P><P></P><P>You can only ping, ssh, asdm or telnet to the closes interface from your source.</P><P>You cannot reach the far side interface - this is by design.</P><P></P><P>-KS</P></BODY></HTML> Sat, 15 Jan 2011 15:03:37 GMT https://community.cisco.com/t5/network-security/cisco-asa-5520-how-can-i-get-rid-of-this-spoofing/m-p/1627893#M594111 Kureli Sankar 2011-01-15T15:03:37Z https://community.cisco.com/t5/network-security/cisco-asa-5520-how-can-i-get-rid-of-this-spoofing/m-p/1627894#M594112 <HTML><HEAD></HEAD><BODY><P>the source<SPAN style="background-color: #f8fafd;"> of this ssh connection lives behind the inside interface.</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">sh run route<BR />route inside 10.10.2.0 255.255.255.0 12.12.7.33</SPAN></P></BODY></HTML> Sat, 15 Jan 2011 16:55:11 GMT https://community.cisco.com/t5/network-security/cisco-asa-5520-how-can-i-get-rid-of-this-spoofing/m-p/1627894#M594112 west33637 2011-01-15T16:55:11Z https://community.cisco.com/t5/network-security/cisco-asa-5520-how-can-i-get-rid-of-this-spoofing/m-p/1627895#M594113 <HTML><HEAD></HEAD><BODY><P>The toplogy looks like this?</P><P></P><DIV class="jive-rendered-content"><P>10.10.2.3---Router(.33)--(12.12.7.36)ASA---</P><P></P><P>You are seeing this message</P><P>Deny IP spoof from (12.12.7.36) to 10.10.2.3 on interface inside.</P><P>That message means that the packet that the firewall sent is coming right back to the firewall. I'd check the route on the router to see why it may be sending the packet back to the firewall. Does the router know where 10.10.2.0/24 lives?</P><P></P></DIV><P>Post the output of "sh run int" pls.</P><P>What is the GW configured on 10.10.2.3?</P><P>What other logs do you see besides the deny ip spoof for port 22 (ssh) connection?</P><P>What is the route on the 12.12.7.33 router? It is pointing its default gateway towards the ASA?</P><P></P><P>-KS</P></BODY></HTML> Sat, 15 Jan 2011 17:36:03 GMT https://community.cisco.com/t5/network-security/cisco-asa-5520-how-can-i-get-rid-of-this-spoofing/m-p/1627895#M594113 Kureli Sankar 2011-01-15T17:36:03Z https://community.cisco.com/t5/network-security/cisco-asa-5520-how-can-i-get-rid-of-this-spoofing/m-p/1627896#M594114 <HTML><HEAD></HEAD><BODY><P>I found a routing loop along the path to the ssh source. Fixing that resolved the issue. Thanks!!</P></BODY></HTML> Sat, 15 Jan 2011 20:36:30 GMT https://community.cisco.com/t5/network-security/cisco-asa-5520-how-can-i-get-rid-of-this-spoofing/m-p/1627896#M594114 west33637 2011-01-15T20:36:30Z https://community.cisco.com/t5/network-security/cisco-asa-5520-how-can-i-get-rid-of-this-spoofing/m-p/1627897#M594115 <HTML><HEAD></HEAD><BODY><P>Awesome! Yes, exactly what I thought. Thanks for rating.</P><P></P><P>-KS</P></BODY></HTML> Sat, 15 Jan 2011 22:08:59 GMT https://community.cisco.com/t5/network-security/cisco-asa-5520-how-can-i-get-rid-of-this-spoofing/m-p/1627897#M594115 Kureli Sankar 2011-01-15T22:08:59Z