04-04-2020 10:22 AM - edited 04-04-2020 12:02 PM
I see constant floods of icmp denies type 11 code 0 on my outside ASA interface in the syslog.
Apr 04 2020 11:19:36 {ISP IP} {INTERNAL IP} Deny icmp src outside:{ISP IP} dst inside:{INTERNAL IP} (type 11, code 0) by access-group "Outside" [0x0, 0x0]
From my understanding, this is a TTL expiry packet. The source IP address is coming from ISP router that's not on our site. I am not sure what's happening here. Could this be a NAT issue? Anyone had similar problem?
04-04-2020 11:49 AM
04-04-2020 11:55 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide