Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
643
Views
0
Helpful
2
Replies

ASA 8.5.2

Sean VanHandel
Visitor

‎07-24-2013 07:32 AM - edited ‎03-11-2019 07:16 PM

Got a new one for me.  We've been having issues on a ASA that I have been investigating.  We are running in Routed mode.  I have a single DMZ setup, an inside and an outside interface.  I have been performing sniffs on the DMZ interface as we suspected compromised servers.  These servers solely reside upon the DMZ network on VM's.  On the DMZ interface I am seeing broadcasts/multicasts from the INSIDE interface.  I verified my configuration but can't for the life of me understand how the heck I could be seeing that.  Any ideas?

Labels:
0 Helpful
2 Replies 2

Jouni Forss
VIP Alumni
VIP Alumni

‎07-24-2013 07:49 AM

Hi,

Do you have some switch network behind both "inside" and "dmz" interface that are connected to eachother somehow?

- Jouni

0 Helpful

Sean VanHandel
Visitor
In response to Jouni Forss

‎07-24-2013 08:05 AM

You might think.  Nope... I seperated the DMZ completely and know exactly what devices; Netscaler, and VM hosts.   When I unplug the DMZ port on the ASA from the DMZ switch, I do not get the broadcasts so it stands to reason that is the port for the source (not the mac source as it looks like it's simply bridged across).  I even verified that we were running in routed mode... 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card