Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1522
Views
0
Helpful
2
Replies

ASA spoofing

egoodman2
Level 1
Level 1

‎10-31-2018 12:27 PM - edited ‎02-21-2020 08:25 AM

I have a rather stubborn occurrence. I keep getting:

        Deny IP spoof from (10.87.88.1) to 10.141.36.60 on interface inside. 

This is connected via VPN. 10.87.88.1 is the VPN Termination point. It is a site to site connection. The 10.141.36.60 is the laptop I am using. I am able to ping the other devices which are 10.87.88.2 - up. But I believe it is because of the IP spoof that this is not replying. I have spent three days off and on with this, and even have another engineer working on it with me. For some reason, the firewall thinks that when anything attempts to ping 10.87.88.1, the IP being pinged (or Cisco ASA inside interface) is a spoofed address. I have already tried to turn off unicast reverse path failure. And a myriad of things that this and other sites suggested. Anyone have thoughts on how to resolve. Also I cannot ping this device but I can ssh to it. I am hoping from someone with an "Oh yeah" moment, if not, I can see this post going deep.

1 person had this problem
0 Helpful
2 Replies 2

egoodman2
Level 1
Level 1

‎10-31-2018 12:37 PM

One more thing, any persons posting KB articles wanting me to wade through infinite pages of irrelevant information need not post. I am a busy person, and if you are just guessing to get some kind of rating for your profile...don't. Thank you all.

0 Helpful

mirzauddin1295
Level 1
Level 1

‎11-19-2019 01:53 PM

hi there, was this issue resolved? I am getting exactly same issue and not sure how to fix it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card