01-23-2024 10:05 AM
I randomly keep getting the following on my Firepower console: "Deny IP due to Land Attack from <outside port IP> to <outside port IP>"
I have read a few threads about this and, using the information, I have not found the source or cause. This just started about a week ago and the system has been running for 6 months, so I have been able to rule out hairpin from VPN causing it.
I have not seen any traffic matching using Cap asp type asp-drop all, or other captures.
Hoping someone has seen this and knows a resolution, I'm sure the traffic is benign but would like to get it out of the logs.
01-23-2024 10:08 AM
Hairpin of VPN AnyConnect
You use NAT (out to out)?
MHM
01-23-2024 05:22 PM
What FTD code is running on it?
How is your FTD in place? Most of the time you see this if anything points to the default route or route loops to the FTD, or maybe spoofed packets?
Can you post the complete log?
Is the IP part of your FTD outside IP?
Is this impacting your environment?