Re: 106021

ray_stone · ‎10-22-2008

Hi,

I have found 106021 log in the asdm and not able to understand what is for that. Can anyone explain. Thanks

acomiskey · ‎10-22-2008

http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4768997

ray_stone · ‎10-22-2008

Few information are given below : Pl advice

Result of the command: "sh mem"

Free memory: 65660880 bytes (25%)

Used memory: 193644464 bytes (75%)

------------- ----------------

Total memory: 259305344 bytes (100%)

Result of the command: "sh xlate count"

181 in use, 462 most used

Result of the command: "sh conn count"

229 in use, 2026 most used

Result of the command: "sh blocks"

SIZE MAX LOW CNT

0 400 358 400

4 200 199 199

80 400 345 400

256 3412 3349 3412

1550 7331 7260 7315

2048 2624 2055 2110

2560 900 900 900

4096 100 100 100

8192 100 100 100

16384 102 102 102

65536 16 16 16

Show memory process output is attached.

Please suggest if you find anything wrong. Thanks

ray_stone · ‎10-22-2008

Hi, I am looking so much logs of 106021. Shd i take as an attack and which of the action I need to be taken. Please help!!

acomiskey · ‎10-22-2008

Could you post one of the logs?

ray_stone · ‎10-22-2008

1|Oct 22 2008|14:40:53|106021|192.168.10.43||255.255.255.255||Deny UDP reverse path check from 192.168.10.43 to 255.255.255.255 on interface outside

192.168.10.0/24 is a inside network.

ajagadee · ‎10-22-2008

Richard,

What is the IP Address 192.168.10.43? Is this a server or user? Where are the outside and inside interface connected to? Are they connecting to the same switch?

Couple of things that I would do:

1. Look at the physical topology and see if there is any VLAN Misconfiguration

2. If the IP Address .43 is dual NICed, make sure that the ports are in the right vlan.

Regards,

Arul

* Please rate if it helps *

ray_stone · ‎10-22-2008

Hi, its a modem IP and its directly connected with switch which is connected directly FW and V-lan is created on FW instead of Switch.

Last Sunday, we have upgraded the IOS version 8.03 to 8.04 and after that from remote sites users are facing disconnected issue like FTP, RDC. Remote users connect and the connection disconnects automatically but it was working fine until IOS upgrade.

Please suggest.

ray_stone · ‎10-22-2008

Please suggest as we are facing such issue frequently. Thnaks

ray_stone · ‎10-23-2008

Hi, I have just opened a TAC request for this and have got response to execute the following commands:

- no ip verify reverse-path interface inside

- no ip verify reverse-path interface outside

- no ip verify reverse-path interface dmz

- no ip verify reverse-path interface outside2

May I know what would be the effect if I execute these commands in Production Firewall as per security concerned as I am sure we haven't make any changes since last well except IOS version 8.04 which I have already rolled back into previous version 8.03. Please help, its urgent!!!!!

ray_stone · ‎10-23-2008

Hi, the issue has been solved after just turned of the IP Spoofing command.