https://community.cisco.com/t5/network-security/err-code-106021/m-p/1285009#M785884 <HTML><HEAD></HEAD><BODY><P>Deny ... reverse path check means that the Pix is receiving packets from an address for which the Pix has a route that points to a different interface.</P><P></P><P>In each of the examples you give, the source is 172.21.x.x, so the Pix is receiving packets from 172.21.x.x on the inside interface but it does not have a route to these addresses towards the inside interface.</P><P></P><P>So either you should add a route (if these are legitimate addresses) or find out who/what is sending these packets.</P><P></P><P>BTW if you just want to stop the messages from being logged you can configure:</P><P> no logging message 106021</P><P></P><P>Or better is to rate-limit it, e.g.</P><P></P><P>logging rate-limit 1 60 message 106021</P><P></P><P>This will reduce the amount of 106021 messages to 1 per 60 seconds.</P><P></P><P>hth</P><P>herbert</P></BODY></HTML> Tue, 10 Nov 2009 13:07:18 GMT Herbert Baerten 2009-11-10T13:07:18Z https://community.cisco.com/t5/network-security/err-code-106021/m-p/1285008#M785854 <P>hi all</P><P> I am getting error code message (106021)generating about 1GB of logg message daily on my firewall to my sylog server , the address in this error message is invalid source address which is not configured are connected to my internal lan of pix firewall. i have network of 172.16.x.x but my error message comes in range of 10.0.0.1 . </P><P></P><P>Oct 09 2009 08:36:54: %PIX-1-106021: Deny UDP reverse path check from 172.21.19.</P><P>201 to 128.9.0.107 on interface inside</P><P>Oct 09 2009 08:36:54: %PIX-1-106021: Deny UDP reverse path check from 172.21.19.</P><P>201 to 192.33.4.12 on interface inside</P><P>Oct 09 2009 08:36:58: %PIX-1-106021: Deny UDP reverse path check from 172.21.19.</P><P>201 to 128.8.10.90 on interface inside</P><P>Oct 09 2009 08:36:58: %PIX-1-106021: Deny UDP reverse path check from 172.21.19.</P><P>201 to 192.203.230.10 on interface inside</P><P>Oct 09 2009 08:37:01: %PIX-1-106021: Deny UDP reverse path check from 172.21.18.</P><P>92 to 10.0.0.1 on interface inside</P><P>Oct 09 2009 08:37:02: %PIX-1-106021: Deny UDP reverse path check from 172.21.18.</P><P>92 to 10.0.0.1 on interface inside</P><P> kindly let me know wht to be done to reduce logg message to be generated </P><P> </P> Mon, 11 Mar 2019 16:38:18 GMT https://community.cisco.com/t5/network-security/err-code-106021/m-p/1285008#M785854 SANTHOSHKUMAR SARAVANAN 2019-03-11T16:38:18Z https://community.cisco.com/t5/network-security/err-code-106021/m-p/1285009#M785884 <HTML><HEAD></HEAD><BODY><P>Deny ... reverse path check means that the Pix is receiving packets from an address for which the Pix has a route that points to a different interface.</P><P></P><P>In each of the examples you give, the source is 172.21.x.x, so the Pix is receiving packets from 172.21.x.x on the inside interface but it does not have a route to these addresses towards the inside interface.</P><P></P><P>So either you should add a route (if these are legitimate addresses) or find out who/what is sending these packets.</P><P></P><P>BTW if you just want to stop the messages from being logged you can configure:</P><P> no logging message 106021</P><P></P><P>Or better is to rate-limit it, e.g.</P><P></P><P>logging rate-limit 1 60 message 106021</P><P></P><P>This will reduce the amount of 106021 messages to 1 per 60 seconds.</P><P></P><P>hth</P><P>herbert</P></BODY></HTML> Tue, 10 Nov 2009 13:07:18 GMT https://community.cisco.com/t5/network-security/err-code-106021/m-p/1285009#M785884 Herbert Baerten 2009-11-10T13:07:18Z