Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1146
Views
0
Helpful
3
Replies

ASA Firewall - Deny IP spoof for syslog logs

MarcinB
Level 1
Level 1

ā€Ž05-24-2022 06:38 AM - edited ā€Ž05-26-2022 12:13 AM

Hello,

I would like to send logs from ASA firewall towards syslog server but when I configured it on highly loaded interface I got below logs:

2 May 24 2022 16:31:18 106016 Deny IP spoof from (10.X.X.X) to 10.X.X.X on interface xxxxx

From - is IP assigned to this interface 

To - is syslog server IP

IP spoofing is disabled.

Everything works fine for the other interface where there is much less traffic.

 

Thank you in advance for any solutions.

0 Helpful
3 Replies 3

MHM Cisco World
VIP
VIP

ā€Ž05-24-2022 06:43 AM - edited ā€Ž05-24-2022 06:54 AM

106016

How could you resolve this situation?

Determine if the IP address belongs to an external user trying to compromise the protected network. Check for misconfigured clients.

Other solution which is unsecured is 
disable IP spoof in interface.

0 Helpful

MarcinB
Level 1
Level 1
In response to MHM Cisco World

ā€Ž05-26-2022 12:13 AM

Yes, I saw this information about syslog log but what exaclty should I do? Which commands or settings are helpful there?

0 Helpful

MHM Cisco World
VIP
VIP
In response to MarcinB

ā€Ž05-26-2022 06:06 PM

NO ip verify reverse-path interface xxxx

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card