Showing results for 
Search instead for 
Did you mean: 

ASA trying to intra-subnet traffic

Level 1
Level 1

We have a firewalled segment on an ASA.  There are both wired and wireless systems on this segment.  We're having an issue where the wireless hosts cannot connect to the wired hosts.  Based on the logs, it looks like the traffic from the wireless hosts are trying to go out of the firewall, even though they are on the same IP subnet:

%ASA-4-106023: Deny udp src Skylight: dst Inside: by access-group "Skylight_in" [0x0, 0x0]

I'm not entirely sure that this is a firewall issue, but since I'm seeing this behavior behind the ASA, I figured I'd start here.

Any thoughts?



2 Replies 2

Jouni Forss
VIP Alumni
VIP Alumni


Not really familiar with Wireless setups.

The log seems to indicate that the traffic is coming from behind the "Skylight" interface and is heading for a network behind "Inside" interface and is getting blocked by the interface ACL.

Is the user traffic supposed to be coming from behind the "Skylight" interface or "Inside"?

- Jouni

Actually I figured it out.  proxy arp was enabled on the interface.  Once I disabled it (noproxyarp), it fixed my problem.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Review Cisco Networking products for a $25 gift card