10-15-2012 07:06 AM - edited 03-11-2019 05:09 PM
Hi,
I am getting the following message on my ASA: %ASA-1-106021: Deny UDP reverse path check from 192.168.1.220 to 10.192.0.249 on interface inside.
192.168.1.220 is not there in my network and I have enabled the RPF on ASA so it is obvious that it is getting blocked.
My challenge is to find out the actual source device for 192.168.1.220 and to block these logs from reflecting. I tried the following but could not succeed:
1) Applied ACL on the interface in line 1 denying all traffic from 192.168.1.220 to 10.192.0.249 (Outside), but still RPF message continues with no hits on this ACL. I am wondering if ACL comes first or RPF.
2) Connected sniffer in the vlan of Inside interface but could not get any logs for these two IPs.
10-15-2012 10:23 AM
Hello Shivaji,
1) Yes, the route lookup comes before the ACL.
What is on the internal network, what other device?
Any other question..Sure..Just remember to rate all of my answers.
Julio
10-16-2012 12:34 AM
But how do I find out the actual source. 192.168.x.x is not used in my network.
I tried using Sniffer but that did not show up anything with this IP address.
Shivaji
10-16-2012 05:13 AM
Hello Shivaji,
I know what you mean, but if the ASA reports it, that means it is happening.
Someone is using that IP on your internal network.
Can you provide me the captures you applied on your ASA?
Any other question..Sure..Just remember to rate all of my answers.
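
As an added example (not part of the thread and not Cisco code): a small Python triage script that groups 106021 reverse-path drops from a syslog export by interface and source, so a recurring unexpected source such as 192.168.1.220 stands out with its destinations and hit count. The sample lines, the hostname `fw1`, the timestamps, the 172.16.10.0/24 network and the `routed_inside` parameter are constructed assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Message layout as quoted in the post:
# %ASA-1-106021: Deny UDP reverse path check from <src> to <dst> on interface <name>
RPF_RE = re.compile(
    r"%ASA-\d-106021: Deny (?P<proto>\S+) reverse path check "
    r"from (?P<src>\S+) to (?P<dst>\S+) on interface (?P<iface>\S+)"
)

def summarize_rpf(lines, routed_inside):
    """Group 106021 drops by (interface, source), busiest first.

    routed_inside is an assumed list of CIDR strings the firewall routes via
    its inside interface. "routed" is False for a source no such route covers
    (stray or spoofed address) and True for a known inside address that
    arrived on an interface the route table does not expect.
    """
    nets = [ip_network(n) for n in routed_inside]
    groups = defaultdict(lambda: {"count": 0, "dsts": set(), "protos": set()})
    for line in lines:
        m = RPF_RE.search(line)
        if not m:
            continue  # not a reverse-path drop
        g = groups[(m["iface"].rstrip("."), m["src"])]
        g["count"] += 1
        g["dsts"].add(m["dst"])
        g["protos"].add(m["proto"])
    report = []
    for (iface, src), g in sorted(groups.items(), key=lambda kv: -kv[1]["count"]):
        report.append({
            "iface": iface, "src": src, "count": g["count"],
            "dsts": sorted(g["dsts"]), "protos": sorted(g["protos"]),
            "routed": any(ip_address(src) in n for n in nets),
        })
    return report

# Constructed sample lines; only the 106021 text with 192.168.1.220 is from the post.
SAMPLE = [
    "Oct 15 2012 07:01:10 fw1 : %ASA-1-106021: Deny UDP reverse path check from 192.168.1.220 to 10.192.0.249 on interface inside",
    "Oct 15 2012 07:01:40 fw1 : %ASA-1-106021: Deny UDP reverse path check from 192.168.1.220 to 10.192.0.249 on interface inside",
    "Oct 15 2012 07:02:05 fw1 : %ASA-1-106021: Deny ICMP reverse path check from 172.16.10.7 to 10.192.0.249 on interface outside",
    "Oct 15 2012 07:02:06 fw1 : %ASA-6-302015: Built outbound UDP connection (constructed, unrelated message)",
]

if __name__ == "__main__":
    for row in summarize_rpf(SAMPLE, ["172.16.10.0/24"]):
        print(row)
```
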