Hello,
You might have NAT-control enabled and, as you know, for a packet to traverse the ASA a NAT rule must exist.
Now, as you point out, you do not have the 211.x.x.x subnet on your inside, so you should not be doing any NAT for that (that is why we are getting those logs).
The question here is who is using that IP and, most importantly, how the heck is he on the internal subnet?
IP spoofing, a back-door.
Dude, check your internal network design; make sure there is only one way to go to the internet (I have worked a lot on cases where the customer says the ASA is the only way out, and trust me, there is always a secondary device. So check your network and, after you do it, check it twice).
Any other questions? Sure, just let me know. But remember to rate all of my answers.
Julio
Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC