03-05-2008 02:27 PM - edited 03-11-2019 05:12 AM
Hello All,
I just installed my ASA 5505 and the firewall log showed that it denied a connection from IP address 74.9.151.50 every second. Please see the attached file.
What does the log message indicate, and how do I stop IP address 74.9.151.50 from attacking my ASA?
Thank you for your help!!
03-05-2008 02:36 PM
Do you have an ICMP policy configured on your ASA?
Try the following to check:
sh run | grep icmp
03-06-2008 06:53 AM
Thanks,
Here is the output:
ASA-ST# sh run | grep icmp
icmp unreachable rate-limit 1 burst-size 1
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
03-06-2008 08:07 AM
The ICMP type and code are the clue here: Type 11 code 0 = Time to Live exceeded in Transit.
This generally points to a routing loop in a path to a particular host. However, these blocked packets could be response packets to an outbound traceroute test.
03-06-2008 08:17 AM
Thanks again,
What would you recommend?
03-06-2008 08:20 AM
Well, I would check to see if someone was trying a traceroute test at the time.
It all depends on whether you want to allow traceroutes out of your network. If not, do nothing; your firewall is working as it should.
If you do, you will need to allow the ICMP packets back into your network using an ACL.
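Added example, not part of the thread or of any Cisco tooling: a small Python triage script that decodes denied-ICMP log lines the way the replies above do by hand, grouping them by source and ICMP type/code. It assumes the attached log (not shown on this page) used the ASA syslog 106014 "Deny inbound icmp" line shape; the sample lines and the 203.0.113.5 and 198.51.100.7 addresses are constructed.

```python
import re
from collections import Counter

# Assumed line shape: ASA syslog 106014. The thread's attached log is not shown.
DENY_RE = re.compile(
    r"%ASA-\d-106014: Deny inbound icmp src (?P<sif>[^:\s]+):(?P<src>\S+) "
    r"dst (?P<dif>[^:\s]+):(?P<dst>\S+) \(type (?P<type>\d+), code (?P<code>\d+)\)")

ICMP_NAMES = {(0, 0): "echo-reply", (3, 3): "port-unreachable",
              (8, 0): "echo-request", (11, 0): "ttl-exceeded-in-transit"}

def verdict(icmp_type, code):
    """Map a type/code pair to the follow-up the thread suggests."""
    if (icmp_type, code) == (11, 0):
        return "TTL exceeded in transit: outbound traceroute reply or routing loop"
    if (icmp_type, code) in {(3, 3), (0, 0)}:
        return "reply to an outbound probe (traceroute or ping)"
    if (icmp_type, code) == (8, 0):
        return "unsolicited echo request from outside"
    return "undecoded: look up the type/code before deciding"

def triage(lines):
    """Group denied ICMP by (source, type, code), most frequent first."""
    counts, dsts = Counter(), {}
    for line in lines:
        m = DENY_RE.search(line)
        if m is None:
            continue  # not a 106014 deny line
        key = (m["src"], int(m["type"]), int(m["code"]))
        counts[key] += 1
        dsts.setdefault(key, set()).add(m["dst"])
    return [{"src": src, "count": n,
             "icmp": ICMP_NAMES.get((t, c), f"type {t} code {c}"),
             "dsts": sorted(dsts[(src, t, c)]),
             "verdict": verdict(t, c)}
            for (src, t, c), n in counts.most_common()]

# Constructed sample lines (not taken from the thread's attachment).
_DENY = "%ASA-3-106014: Deny inbound icmp src outside:{} dst outside:203.0.113.5 (type {}, code {})"
SAMPLE = [
    "Mar 05 2008 14:20:01: " + _DENY.format("74.9.151.50", 11, 0),
    "Mar 05 2008 14:20:02: " + _DENY.format("74.9.151.50", 11, 0),
    "Mar 05 2008 14:20:03: " + _DENY.format("74.9.151.50", 11, 0),
    "Mar 05 2008 14:20:03: " + _DENY.format("198.51.100.7", 8, 0),
    "Mar 05 2008 14:20:04: %ASA-6-302013: Built outbound TCP connection (ignored)",
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

A single source sending only type 11 code 0 at a steady rate matches the reply-traffic reading given above rather than an inbound probe, which would show up as type 8.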