Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
728
Views
0
Helpful
1
Replies

Log message in ASA

Russell Pearson
Level 1
Level 1

‎07-15-2011 10:00 AM - edited ‎03-11-2019 01:59 PM

Hey there,

I'm seeing a lot of these message in my 5520 ASA.

Any thoughts?

Deny IP spoof from (0.1.0.4) to 0.1.0.4 on interface inside

Labels:
0 Helpful
1 Reply 1

varrao
Level 10
Level 10

‎07-15-2011 10:13 AM

The firewall seems to be under land attack, you need to identify the mac-address of the machine from where you are getting these messages, do this:

access-list cap permit ip host 0.1.0.4 any

access-list cap permit ip host 0.1.0.4 any

capture capin access-list cap interface inside

and the do "show capture capin" check if any packets are captured, if yes , do " show capture capin detail | in 0.1.0.4" , it will give you the mac-address, here is an example:

1: 11:16:29.858872 0015.c666.5870 0012.d949.06d9 0x0800 92: 192.168.0.1.137
>
192.168.0.1.137:  [udp sum ok] udp 50 [tos 0x60]  (ttl 137, id 28616)

and then you can check it by :

sh arp | in 0015.c666.5870

and check if this mac is in your network.

hope this would help you.

Thanks,
Varun
Thanks,
Varun Rao
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card