05-21-2019 04:02 AM
Greetings,
I'm getting a very large number (sometimes 10 or 15 per second) of %ASA-4-106023 warnings in the realtime syslog console of a 5506 ASA.
%ASA-4-106023: Deny icmp(or UDP) src Outside:X dst Inside: Y
The sources are always different public IPs (X), but the destinations are always the same 2 internal IP addresses in my network (which are not leased and have never been leased by the DHCP server, nor fixed).
The router CPU is still under 15%, but I'm wondering how to prevent these warnings.
I would also like to understand what that really means?
Thank you for your insights on that matter.
Frederique
05-21-2019 04:06 AM
This is normal, as this is a FW; it always blocks traffic which was not allowed.
The only thing you need to worry about is: is there any traffic originating from inside?
05-21-2019 04:45 AM
Hello BB,
Thank you for your answer. Actually this host is alive and is opening sessions with the internet.
But why are there so many denied udp/icmp packets? Are they returned packets? Or is it something different?
05-21-2019 05:39 AM
The FW acts based on the rules you have set up on your network.
So if this is a live host, I will investigate why this IP is sending too many requests outside and they are denied.
It is unusual for a single device to send ICMP outside. I will start with the local device and investigate the remote IPs it tries to send ICMP to.
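
Added example, not part of the thread: one way to triage the denies discussed above is to group the %ASA-4-106023 lines by inside destination and separate ICMP error messages (which answer earlier traffic) from unsolicited echo requests. The sample lines, addresses and the ACL name `outside_in` are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the %ASA-4-106023 layout (documentation/private addresses,
# hypothetical ACL name "outside_in"); replace with an export of the real syslog.
SAMPLE_LOG = """\
%ASA-4-106023: Deny udp src Outside:198.51.100.7/53 dst Inside:192.168.1.50/40112 by access-group "outside_in" [0x0, 0x0]
%ASA-4-106023: Deny udp src Outside:203.0.113.9/443 dst Inside:192.168.1.50/51820 by access-group "outside_in" [0x0, 0x0]
%ASA-4-106023: Deny icmp src Outside:203.0.113.44 dst Inside:192.168.1.51 (type 3, code 3) by access-group "outside_in" [0x0, 0x0]
%ASA-4-106023: Deny icmp src Outside:198.51.100.7 dst Inside:192.168.1.51 (type 8, code 0) by access-group "outside_in" [0x0, 0x0]
%ASA-6-302013: Built outbound TCP connection 1 for Outside:198.51.100.7/443 to Inside:192.168.1.50/50000
"""

DENY_RE = re.compile(
    r"%ASA-4-106023: Deny (?P<proto>\S+) "
    r"src [^:\s]+:(?P<src>[0-9.]+)(?:/\d+)?.*? "
    r"dst [^:\s]+:(?P<dst>[0-9.]+)(?:/\d+)?"
    r"(?:.*?\(type (?P<itype>\d+), code \d+\))?"
)

# ICMP error types (unreachable, time exceeded, parameter problem) are generated in
# response to an earlier packet; echo requests (type 8) are unsolicited probes.
ICMP_ERROR_TYPES = {3, 11, 12}

def icmp_kind(icmp_type):
    if icmp_type in ICMP_ERROR_TYPES:
        return "error"
    return "echo-request" if icmp_type == 8 else "other"

def summarize(log_text):
    """Group 106023 denies by inside destination: hits, distinct sources, protocol mix."""
    stats = defaultdict(lambda: {"hits": 0, "sources": set(),
                                 "protos": Counter(), "icmp_kinds": Counter()})
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue  # other message IDs are not part of this tally
        entry = stats[m["dst"]]
        entry["hits"] += 1
        entry["sources"].add(m["src"])
        entry["protos"][m["proto"]] += 1
        if m["itype"] is not None:
            entry["icmp_kinds"][icmp_kind(int(m["itype"]))] += 1
    return dict(stats)

if __name__ == "__main__":
    for dst, e in summarize(SAMPLE_LOG).items():
        print(dst, e["hits"], "denies from", len(e["sources"]), "sources",
              dict(e["protos"]), dict(e["icmp_kinds"]))
```

A destination dominated by ICMP errors points back at traffic the inside host sent first, while many distinct sources sending echo requests or UDP to an address that is not in use looks like background scanning.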