
Deny IP due to Land Attack from IP_address to IP_address

menning
Level 1

Dear all,

Urgently need help as I tried many ways but still can't solve this issue.

Appreciate it if you guys can help me. Thanks!

Refer to the attached files for my settings in Cisco ASDM 7.4 for ASA.

Are my NAT and ACL settings configured wrongly?

This is the result that I get:

%ASA-2-106017: Deny IP due to Land Attack from IP_address to IP_address

Do you guys have any solution for the issue that I faced?

Much appreciated.

Thank you!

Regards,

Menning

2 Replies

mvsheik123
Level 7

Hi,

The link below (discussion) may provide some info.

https://supportforums.cisco.com/discussion/11316511/asa-land-attack-and-nat-config

Thx

MS

Aditya Ganjoo
Cisco Employee

Hi,

ASA would drop the packets if the source and destination IP are the same.

So this is expected.

To know why this is happening we need to take packet captures on all the ASA interfaces.

To identify which device is generating this traffic, I would suggest applying packet captures as follows:

access-list cap permit ip host <IP address in the syslog> host <IP address in the syslog>

capture cap access-list cap interface outside

capture cap1 access-list cap interface <>

cap cap type asp-drop all buffer 3000000 circular-buffer

Use captures on all the interfaces matching the same access-list and share with us.

Regards,

Aditya

Please rate helpful and mark correct answers
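
The first step of the reply above, finding which address appears in the 106017 messages and putting it into the capture access-list, written out as an added example (not part of the thread and not Cisco code). The log lines are constructed with documentation addresses, the function names are hypothetical, and IPv4 addresses are assumed.

```python
import re
from collections import Counter

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Message text as quoted in the thread, with real addresses in place of IP_address.
LAND_RE = re.compile(
    r"%ASA-2-106017: Deny IP due to Land Attack from (" + IPV4 + r") to (" + IPV4 + r")"
)

# Constructed sample syslog lines (not taken from the thread).
SAMPLE_LOG = """\
Jun 01 2016 10:15:01: %ASA-2-106017: Deny IP due to Land Attack from 192.0.2.10 to 192.0.2.10
Jun 01 2016 10:15:02: %ASA-4-106023: Deny tcp src outside:198.51.100.7/4000 dst inside:192.0.2.10/80 by access-group "outside_in"
Jun 01 2016 10:15:03: %ASA-2-106017: Deny IP due to Land Attack from 192.0.2.10 to 192.0.2.10
Jun 01 2016 10:15:09: %ASA-2-106017: Deny IP due to Land Attack from 203.0.113.5 to 203.0.113.5
Jun 01 2016 10:15:11: %ASA-2-106017: Deny IP due to Land Attack from 192.0.2.10 to 192.0.2.10
"""


def land_attack_addresses(log_text):
    """Count 106017 drops per address; source and destination are identical."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LAND_RE.search(line)
        # Skip anything where the two addresses differ (not a valid 106017 line).
        if m and m.group(1) == m.group(2):
            hits[m.group(1)] += 1
    return hits


def capture_acl_lines(hits):
    """Build the capture ACL entry from the reply for each address, busiest first."""
    return [
        f"access-list cap permit ip host {ip} host {ip}"
        for ip, _ in hits.most_common()
    ]


if __name__ == "__main__":
    hits = land_attack_addresses(SAMPLE_LOG)
    for ip, count in hits.most_common():
        print(f"{ip}: {count} land-attack drops")
    print("\n".join(capture_acl_lines(hits)))
```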
