01-05-2017 10:31 AM - edited 03-12-2019 01:44 AM
ASA 5550, software version 9.1(7)
Error message: Deny IP spoof from 192.168.54.114 to 192.168.10.1 (on interface MGMT).
interface GigabitEthernet0/1
nameif inside-srv
security-level 100
ip address 192.168.10.1 255.255.255.0
interface GigabitEthernet0/2
no nameif
security-level 100
no ip address
interface GigabitEthernet0/2.54
vlan 54
nameif MGMT
security-level 100
ip address 192.168.54.1 255.255.255.0
Took capture on interface MGMT and I can't see any spoofed address. Check attached screenshot.
01-05-2017 11:48 AM
I think it makes sense why you are getting the error message. 192.168.54.114 wants to reach to 192.168.10.1. It would have its default gateway to ASA mgmt interface. Now 192.168.10.1 is the interface that belongs to ASA itself, which is prohibited by ASA. You can't reach to any of the far interface on ASA for management traffic.
01-17-2017 09:27 AM
The problem was that SNMP was configured on wrong interface.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: