Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1046
Views
5
Helpful
1
Replies

Deny IP due to Land Attack from IP address to IP address

mburguk1000
Level 1
Level 1

‎11-16-2015 02:58 AM - edited ‎03-11-2019 11:53 PM

We have been getting these errors from our firewall which is a ASA 5515 running version 9.1.2 software and the appliance which address is refeerenced is a Ironport. When the call was rasied with Cisco Tac they have sent a article that is relevant to a ASA 

Please see below 

https://supportforums.cisco.com/document/54791/asapixfwsm-deny-ip-due-land-attack-messages

<162>%ASA--106017: Deny IP due to Land Attack from IP address  to IP address 

Any one else experienced these issues 

Labels:
0 Helpful
1 Reply 1

Rishabh Seth
Level 7
Level 7

‎11-16-2015 03:18 AM

ASA would classify traffic as LAND attack traffic if it sees source IP and destination IP same in the IP header. 

Do you see the error for legitimate traffic or is it actual LAND attack traffic?

Also check if you have some misconfigured nat statement that might translate the traffic and result in same source IP and destination IP.

Thanks,

RS 

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card