08-21-2013 11:38 AM - edited 03-11-2019 07:29 PM
I am replacing an outdated ISA server with a pair of asa 5515's in active / standby. Our ISP lit up another fiber connections to us and gave us a new set of public IP's to facilitate this conversion. I have been watching tutorials, reading forums, and googling for the last month trying to prepare for this. Currently, I have set up access rules for one web server and a prototype direct access server. I can access the web server over http and https without any problems by going to the non-published new public IP.
While looking at the real time logs when accessing the website, I noticed a lot of "Deny IP spoof from (255.255.255.255) to 0.0.0.0 on interface Outside" and "[Scanning] drop rate-1or2 exceeded. Current burst rate is 2 per second...".
Are these things that I should be worried about?
Thank you for any information.
T
08-21-2013 11:39 AM
: Saved : ASA Version 9.1(2) ! hostname WSCC-ASA1 domain-name Westshore.edu enable password QODQ9PdmvR8vu92s encrypted xlate per-session deny tcp any4 any4 xlate per-session deny tcp any4 any6 xlate per-session deny tcp any6 any4 xlate per-session deny tcp any6 any6 xlate per-session deny udp any4 any4 eq domain xlate per-session deny udp any4 any6 eq domain xlate per-session deny udp any6 any4 eq domain xlate per-session deny udp any6 any6 eq domain passwd 2KFQnbNIdI.2KYOU encrypted names ! interface GigabitEthernet0/0 nameif Inside security-level 100 ip address 192.168.7.165 255.255.248.0 ! interface GigabitEthernet0/1 description Wireless nameif Wireless security-level 75 ip address 10.59.0.1 255.255.0.0 ! interface GigabitEthernet0/2 description Perimeter nameif DMZ security-level 50 ip address 172.28.0.1 255.255.255.224 ! interface GigabitEthernet0/3 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/4 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/5 nameif Outside security-level 0 ip address 38.65.225.1 255.255.252.0 ! interface Management0/0 management-only nameif management security-level 100 ip address 192.168.10.1 255.255.255.0 ! boot system disk0:/asa912-smp-k8.bin boot system disk0:/asa901-smp-k8.bin ftp mode passive clock timezone EST -5 clock summer-time EDT recurring dns server-group DefaultDNS domain-name Westshore.edu same-security-traffic permit inter-interface same-security-traffic permit intra-interface object network OBJ_GENERIC_ALL subnet 0.0.0.0 0.0.0.0 object network WWW_webserver host 192.168.0.68 description Cascade object network Direct_Access host 192.168.7.162 description WSCC-S-004014 object-group network PAT-SOURCE description PAT Source Networks network-object 192.168.0.0 255.255.248.0 object-group service DM_INLINE_TCP_1 tcp port-object eq www port-object eq https access-list OUTSIDE-IN remark WSCC-S-003056 access-list OUTSIDE-IN extended permit tcp any object WWW_webserver object-group DM_INLINE_TCP_1 access-list OUTSIDE-IN remark WSCC-S-004014 access-list OUTSIDE-IN extended permit ip any object Direct_Access pager lines 24 logging enable logging asdm informational mtu Inside 1500 mtu Wireless 1500 mtu DMZ 1500 mtu Outside 1500 mtu management 1500 no failover icmp unreachable rate-limit 1 burst-size 1 icmp permit any Outside asdm image disk0:/asdm-713.bin no asdm history enable arp timeout 14400 no arp permit-nonconnected nat (Inside,Outside) source dynamic OBJ_GENERIC_ALL interface ! object network WWW_webserver nat (Inside,Outside) static 38.65.225.60 object network Direct_Access nat (any,any) static 38.65.225.10 access-group OUTSIDE-IN in interface Outside route Outside 0.0.0.0 0.0.0.0 38.65.224.1 1 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL http server enable http 192.168.10.0 255.255.255.0 management http 192.168.2.152 255.255.255.252 Inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart crypto ipsec security-association pmtu-aging infinite crypto ca trustpool policy