Re: Syslog Anormal amount of Warning message %ASA-4-106023

FrederiqueCD · ‎05-21-2019

Greetings,

I'm getting a very large amount (sometime 10 or 15 per seconds) of %ASA-4-106023 warnings in the realtime syslog console of a 5506 ASA.

%ASA-4-106023: Deny icmp(or UDP) src Outside:X dst Inside: Y

Where sources are always different publics IPs (X) but the destinations are always the same 2 internal IP addresses in my network (which are not leased and have never been leased by the DHCP server nor fixed).

The router CPU is still under 15% but I'm wondering how to prevent these warnings.

I would also like to understand what that really means ?

Thanks you for your insights on that matter.

Frederique

balaji.bandi · ‎05-21-2019

This is normal as this is FW, it always block the traffic which was not allowed.

Only you need to worry about is, is there any traffic from inside originating ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

FrederiqueCD · ‎05-21-2019

Hello BB,

Thanks you for your answer. Actually this hosts is alive and is opening session with the internet.

But why is there so many denied udp/icmp packets ? Are they returned packets ? or is it something different ?

balaji.bandi · ‎05-21-2019

FW act based on the Rules you have setup on your network.

So if this Live Host, i will investigate why this IP sending too many request outside and they are Denied.

This is unusual single device sending ICMP outside. I will start with Local Device and investigate with remote IP it try to send ICMP

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help