Hi all

I hope someone can help, i have a ASA 5505 (9.2(4) firewall that setup as follows.

192.168.246.1/24(inside)---- ASA5505---- 192.168.248.10/23(outside).

My syslog was working OK, with a few messages going to it every now and again, however today, after i played with a NAT rule, the syslog server is logging about 20-30 messages a second.  Luckily the FW isnt live just yet and I quickly restored the config back to a config from a few days ago.  However i can still see loads of messages in the syslog in ASDM.  I have rebooted the firewall and can confirm the only NAT rule in place os for the IPSEC VPN connection.

I now only have 1 NAT statement in the config-10.0.0.0/28 is the VPN clients DHCP pool.

nat (N3-DMZ-INSIDE,CORP-OUTSIDE) source static any any destination static NETWORK_OBJ_10.0.0.0_28 NETWORK_OBJ_10.0.0.0_28 no-proxy-arp route-lookup

N3-INTERNAL# show xlate
2 in use, 2 most used
Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
s - static, T - twice, N - net-to-net
NAT from N3-DMZ-INSIDE:0.0.0.0/0 to CORP-OUTSIDE:0.0.0.0/0
flags sIT idle 0:35:02 timeout 0:00:00
NAT from CORP-OUTSIDE:10.0.0.0/28 to N3-DMZ-INSIDE:10.0.0.0/28
flags sIT idle 0:35:02 timeout 0:00:00

Now in the syslog messages 99% of the entries are 'sourced from different IPs on our network destined to an IP address of 192.168.248.218', what i dont understand is why traffic destined to 192.168.248.218 is hitting the firewall outside interface.

The IP address 192.168.248.218 belonged to an old server which doesn't exist anymore.

Any help appreciated in sorting this out.

Thanks