cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1510
Views
0
Helpful
3
Replies

ASA Netbios Broadcast traffic dropped INSIDE

jaysin144
Level 1
Level 1

I have an ASA that keeps dropping what looks like Netbios Boradcast packets on the inside interface. 

06-06-2013          13:42:44          Local4.Debug          10.1.1.247          %ASA-7-710005: UDP request discarded from 10.1.1.134/137 to inside:10.1.1.255/137

06-06-2013          13:42:44          Local4.Debug          10.1.1.247          %ASA-7-710005: UDP request discarded from 10.1.1.214/137 to inside:10.1.1.255/137

06-06-2013          13:42:43          Local4.Debug          10.1.1.247          %ASA-7-710005: UDP request discarded from 10.1.1.214/137 to inside:10.1.1.255/137

06-06-2013          13:42:42          Local4.Debug          10.1.1.247          %ASA-7-710005: UDP request discarded from 10.1.1.214/137 to inside:10.1.1.255/137

06-06-2013          13:42:41          Local4.Debug          10.1.1.247          %ASA-7-710005: UDP request discarded from 10.1.1.214/137 to inside:10.1.1.255/137

06-06-2013          13:42:41          Local4.Debug          10.1.1.247          %ASA-7-710005: UDP request discarded from 10.1.1.214/137 to inside:10.1.1.255/137

06-06-2013          13:42:40          Local4.Debug          10.1.1.247          %ASA-7-710005: UDP request discarded from 10.1.1.214/137 to inside:10.1.1.255/137

06-06-2013          13:42:38          Local4.Debug          10.1.1.247          %ASA-7-710005: UDP request discarded from 10.1.1.16/137 to inside:10.1.1.255/137

06-06-2013          13:42:38          Local4.Debug          10.1.1.247          %ASA-7-710005: UDP request discarded from 10.1.1.16/137 to inside:10.1.1.255/137

Both IP's are on the inside network. Any idea why and how I can allow this broadcast traffic? Everything else, including IPSEC VPN's look good.

3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

Hello Jason,

As you said it, this traffic is on the same LAN, as it's a broadcast it will reach the ASA, but there is not need to allow it trough the ASA as this is a directed broadcast (directed to the 10.1.1.0/24 broadcast address)

The hosts will still get it.,

Do you follow me,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

I follow, but if it's a directed broadcast, why would it be hitting the inside interface of this firewall?  Is it possible there's an issue someone else thats forwarding these directed packets here?  Is this just a non issue?  SHould i just filter %ASA-7-710005 from the logs and be done with it?

Hello Jason,

All of the devices are on the same , including the ASA,

It's expected to received it, The ASA as a security device will drop it,

Expected behavior with Netbios,

No need to worry

Remember to rate all of the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Review Cisco Networking for a $25 gift card