04-05-2018 11:58 PM - edited 02-21-2020 07:36 AM
Hi,
I keep receiving log messages on ASA 5545X like this:
2 | Apr 06 2018 | 07:47:57 | 19.19.20.4 | 19.19.20.4 | Deny IP due to Land Attack from 19.19.20.4 to 19.19.20.4 |
This is for a server IP which is 1-to-1 NAT:
10.1.4.4 -> 19.19.20.4
CONFIG:
object network 19.19.20.4-10.1.4.4
 nat (inside,outside) static 19.19.20.4 dns
 host 10.1.4.4
And the same happens with this log:
This is for the local host/network 10.44.0.0, an IP which is 1-to-many NAT:
2 | Apr 06 2018 | 07:48:23 | 19.19.20.244 | 19.19.20.244 | Deny IP due to Land Attack from 19.19.20.244 to 19.19.20.244 |
CONFIG:
object network 19.19.20.244-10.44.0.0
 nat (inside,outside) dynamic 19.19.20.244
 subnet 10.44.0.0 255.255.0.0
Is something wrong with the NAT config?
Best regards,
Ivan
04-06-2018 02:58 AM
Hi Ivan,
Land Attack simply means the packets have the same source IP and destination IP; in your case it seems to be 19.19.20.4 and 19.19.20.244.
Is it possible that 10.1.4.4 is sending packets to 19.19.20.4, or 10.44.0.0/24 to 19.19.20.244?
You can set up some captures to find out.
If yes, configure identity NAT for that specific destination.
HTH
Bogdan
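Added example (not from either poster): this Python script counts the Land Attack denies per address and looks each address up in the NAT objects to find the real host or subnet behind it, which is where a capture on the inside interface would look for traffic sent to the host's own mapped address. The log lines and NAT objects are constructed sample input in the shape shown in the thread, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample input, in the shape of the log lines and NAT objects in this thread.
LOG_LINES = """\
2 | Apr 06 2018 | 07:47:57 | 19.19.20.4 | 19.19.20.4 | Deny IP due to Land Attack from 19.19.20.4 to 19.19.20.4 |
2 | Apr 06 2018 | 07:48:23 | 19.19.20.244 | 19.19.20.244 | Deny IP due to Land Attack from 19.19.20.244 to 19.19.20.244 |
2 | Apr 06 2018 | 07:48:30 | 19.19.20.4 | 19.19.20.4 | Deny IP due to Land Attack from 19.19.20.4 to 19.19.20.4 |
"""
NAT_CONFIG = """\
object network 19.19.20.4-10.1.4.4
 nat (inside,outside) static 19.19.20.4 dns
 host 10.1.4.4
object network 19.19.20.244-10.44.0.0
 nat (inside,outside) dynamic 19.19.20.244
 subnet 10.44.0.0 255.255.0.0
"""
LAND_RE = re.compile(r"Deny IP due to Land Attack from (\S+) to (\S+)")

def land_attack_counts(log_text):
    """Count Land Attack denies per address (source equals destination)."""
    counts = {}
    for line in log_text.splitlines():
        m = LAND_RE.search(line)
        if m and m.group(1) == m.group(2):
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts

def mapped_to_real(config_text):
    """Map each NAT mapped address to the real host/subnet of its object."""
    objects, current = [], {}
    for line in config_text.splitlines():
        words = line.split()
        if words[:2] == ["object", "network"]:
            objects.append(current := {})      # start a new object
        elif words[:1] == ["host"]:
            current["real"] = ipaddress.ip_network(words[1])
        elif words[:1] == ["subnet"]:
            current["real"] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif words[:1] == ["nat"] and len(words) >= 4 and words[2] in ("static", "dynamic"):
            current["mapped"] = words[3]       # address seen in the deny message
    return {o["mapped"]: o["real"] for o in objects if "mapped" in o and "real" in o}

def capture_candidates(log_text, config_text):
    """For each denied address: (real source to capture on, or None; deny count)."""
    table = mapped_to_real(config_text)
    return {addr: (str(table[addr]) if addr in table else None, n)
            for addr, n in land_attack_counts(log_text).items()}

if __name__ == "__main__":
    print(capture_candidates(LOG_LINES, NAT_CONFIG))
```

An address that maps to `None` has no matching NAT object, so the self-addressed packets are not explained by an inside host reaching its own mapped address.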
04-06-2018 10:05 AM