IP Spoofing ASA

Hi,

I am new to this field.

Kindly suggest how to enable IP spoofing on ASA.

Regards,

MItesh Manwtakar


James Leinweber

I don't think you can get an ASA to spoof, though it will do proxy-arp for addresses which are in use for NAT. To allow clients to spoof 1-way through an ASA, you would have to turn off "ip verify reverse-path" on the interface receiving the spoofed packets. Obviously you won't get any reply traffic.

If you can describe what you are trying to do in more detail, we might be able to offer better advice.

-- Jim Leinweber, WI State Lab of Hygiene

Hi,

Thanks... I just wanted to understand how it works in ASA.

Regards.

I want to know why I am getting the logs below on my ASA 5585 SSP-60:

 

Sep 10 2014 22:49:38 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 213.199.179.166 on interface ByteMobile_Traffic
Sep 10 2014 22:49:38 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 157.55.235.173 on interface ByteMobile_Traffic
Sep 10 2014 22:49:38 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 157.55.130.173 on interface ByteMobile_Traffic
Sep 10 2014 22:49:38 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 64.4.23.157 on interface ByteMobile_Traffic
Sep 10 2014 22:49:38 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface ByteMobile_Traffic
Sep 10 2014 22:49:41 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 65.55.223.17 on interface ByteMobile_Traffic
Sep 10 2014 22:49:41 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 213.199.179.166 on interface ByteMobile_Traffic
Sep 10 2014 22:49:41 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 157.55.130.173 on interface ByteMobile_Traffic
Sep 10 2014 22:49:41 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 157.55.235.146 on interface ByteMobile_Traffic
Sep 10 2014 22:49:41 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 111.221.77.150 on interface ByteMobile_Traffic
Sep 10 2014 22:49:41 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 157.55.235.173 on interface ByteMobile_Traffic

 

 

I know the reasons for these denials by the IPS signature, but I want to know why I am getting traffic with an unknown source address. ByteMobile_Traffic is my inside interface with security level 100, and the traffic is also coming from another inside interface towards this ByteMobile_Traffic interface.
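
Added example, not part of the thread or any poster's code: a Python parser for %ASA-2-106016 lines in the format quoted above that groups the denied packets by receiving interface and source address, so the interface and the targeted destinations can be read off at a glance. The sample lines are constructed; the hostname FW01, the `outside` interface and the destination addresses are assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample lines in the format of the 106016 messages in the post
# (hostname FW01, interface "outside" and destinations are made up).
SAMPLE_LOG = """\
Sep 10 2014 22:49:38 FW01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 198.51.100.10 on interface ByteMobile_Traffic
Sep 10 2014 22:49:38 FW01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface ByteMobile_Traffic
Sep 10 2014 22:49:41 FW01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 198.51.100.10 on interface ByteMobile_Traffic
Sep 10 2014 22:49:41 FW01 : %ASA-2-106016: Deny IP spoof from (127.0.0.1) to 203.0.113.7 on interface outside
Sep 10 2014 22:49:42 FW01 : %ASA-6-302013: Built outbound TCP connection (unrelated line)
"""

PATTERN = re.compile(
    r"%ASA-2-106016: Deny IP spoof from \((?P<src>[0-9.]+)\) "
    r"to (?P<dst>[0-9.]+) on interface (?P<ifc>\S+)"
)


def classify_source(addr):
    """Label a source address as unspecified (0.0.0.0), loopback or other."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return "unspecified"
    if ip.is_loopback:
        return "loopback"
    return "other"


def summarize(text):
    """Return {(interface, source, source_kind): Counter of destinations}."""
    summary = defaultdict(Counter)
    for line in text.splitlines():
        m = PATTERN.search(line)
        if not m:
            continue  # not a 106016 message
        try:
            kind = classify_source(m["src"])
        except ValueError:
            kind = "malformed"  # regex matched digits/dots that are not an IP
        summary[(m["ifc"], m["src"], kind)][m["dst"]] += 1
    return dict(summary)


if __name__ == "__main__":
    for (ifc, src, kind), dests in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ifc}: source {src} ({kind}), {sum(dests.values())} denials")
        for dst, count in dests.most_common():
            print(f"    -> {dst}: {count}")
```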

 

 
