
Deny on pix firewall

jbisht
Level 1

I am getting these deny messages on my pix firewall log.

106011: Deny inbound (No xlate) tcp src inside:10.1.25.52/4986 dst inside:10.0.1.5/445

106011: Deny inbound (No xlate) tcp src inside:10.1.25.52/4987 dst inside:10.0.1.5/139

106011: Deny inbound (No xlate) tcp src inside:192.168.195.1/4988 dst inside:10.0.1.5/139

106011: Deny inbound (No xlate) tcp src inside:192.168.58.1/4989 dst inside:10.0.1.5/139

I don't have any computers on my network with IP address 192.168.58.1 and 192.168.195.1.

How do I find out which machine is generating these messages? These addresses are not showing in the ARP of the PIX and gateway router.

thanks

1 Reply

glenn.newman
Level 1

A traffic capture from the various VLANs will show the traffic. You will have to create a monitor session (port mirroring or spanning) that redirects a VLAN to your monitor port. I am assuming you have managed switches like 2950s or better. You can then look at the MAC and follow it to a port by looking at the MAC address tables in the switches - "show mac-address-table dynamic address xxxx.yyyy.zzzz".

Ethereal is a shareware program for traffic captures. You can create a filter for just the IPs you are looking for.
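The capture-to-MAC step described in the reply above, as an added example that is not part of the original posts: it reads a classic pcap file, collects the source MACs that sent packets with the unexpected source IPs, and builds the MAC-table lookup in the form the reply quotes. The function names, the MAC addresses and the capture bytes are constructed for illustration; the capture has to come from the sender's own VLAN, because past a router the source MAC is the router's.

```python
import socket, struct

def cisco_mac(mac: bytes) -> str:  # 6 raw bytes -> xxxx.yyyy.zzzz
    h = mac.hex()
    return ".".join(h[i:i + 4] for i in (0, 4, 8))

def macs_for_sources(pcap: bytes, wanted: set) -> dict:
    """Map each wanted IPv4 source address to the source MACs that sent it."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic (microsecond) pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    found, off = {}, 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        etype, l3 = frame[12:14], 14
        if etype == b"\x81\x00":          # skip one 802.1Q VLAN tag
            etype, l3 = frame[16:18], 18
        if etype != b"\x08\x00" or len(frame) < l3 + 20:
            continue                      # not IPv4, or truncated
        src = socket.inet_ntoa(frame[l3 + 12:l3 + 16])
        if src in wanted:
            found.setdefault(src, set()).add(cisco_mac(frame[6:12]))
    return found

def lookup_commands(found: dict) -> list:
    """One MAC-table lookup per distinct MAC, in the form quoted in the reply."""
    macs = sorted({m for ms in found.values() for m in ms})
    return ["show mac-address-table dynamic address " + m for m in macs]

def sample_pcap() -> bytes:
    """Constructed capture: three Ethernet/IPv4 frames, not real traffic."""
    def frame(src_mac, src_ip):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         socket.inet_aton(src_ip), socket.inet_aton("10.0.1.5"))
        return bytes.fromhex("02000000aa01" + src_mac) + b"\x08\x00" + ip
    frames = [frame("020000001234", "192.168.195.1"), frame("020000001234", "192.168.58.1"),
              frame("020000005678", "10.1.25.99")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(lookup_commands(macs_for_sources(sample_pcap(), {"192.168.195.1", "192.168.58.1"})))
```

Two unexpected source IPs resolving to one MAC, as in the constructed sample, point to a single multi-homed machine; run the printed command on each switch along the path until the MAC appears on an access port.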
