Deny IP Spoof from me to me

Justin Bray
Level 1

I am receiving the syslog message below:

%ASA-2-106016: Deny IP spoof from (IP_address) to IP_address on interface interface_name.

A packet arrived at the ASA interface that has a destination IP address of 0.0.0.0 and a destination MAC address of the ASA interface. In addition, this message is generated when the ASA discarded a packet with an invalid source address, which may include one of the following or some other invalid address:

• Loopback network (127.0.0.0)

• Broadcast (limited, net-directed, subnet-directed, and all-subnets-directed)

• The destination host (land.c)

To further enhance spoof packet detection, use the icmp command to configure the ASA to discard packets with source addresses belonging to the internal network, because the access-list command has been deprecated and is no longer guaranteed to work correctly.

The from address is my public IP that I PAT all traffic from and the to address is my public mail server's DNS name.

During the times we receive this message, traffic is taking forever to make it out of the firewall.

I have tried a few icmp commands but they haven't worked yet.

Has anyone seen this before?
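A triage sketch for the message quoted in the post, as an added example that is not part of the original post or of Cisco's documentation: it parses 106016 lines and labels each with the invalid-source case from the description above, so the address pairs and interfaces involved can be counted. The log lines, addresses, the `local_nets` parameter and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Pattern follows the message format quoted in the post.
SPOOF_RE = re.compile(
    r"%ASA-2-106016: Deny IP spoof from \((?P<src>[0-9.]+)\) to "
    r"(?P<dst>[0-9.]+) on interface (?P<ifc>\S+?)\.?\s*$"
)

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE = [
    "Jan 10 09:15:01 fw1 %ASA-2-106016: Deny IP spoof from (203.0.113.10) to 203.0.113.10 on interface inside.",
    "Jan 10 09:15:02 fw1 %ASA-2-106016: Deny IP spoof from (203.0.113.10) to 203.0.113.10 on interface inside.",
    "Jan 10 09:15:03 fw1 %ASA-2-106016: Deny IP spoof from (127.0.0.1) to 192.0.2.25 on interface outside",
    "Jan 10 09:15:04 fw1 %ASA-2-106016: Deny IP spoof from (192.0.2.255) to 192.0.2.25 on interface dmz.",
    "Jan 10 09:15:05 fw1 %ASA-2-106016: Deny IP spoof from (203.0.113.10) to 203.0.113.20 on interface inside.",
    "Jan 10 09:15:06 fw1 unrelated line (constructed)",
]

def classify(src, dst, local_nets=()):
    """Label the invalid-source case named in the message description."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s.is_loopback:
        return "loopback-source"
    if s == ipaddress.ip_address("255.255.255.255"):
        return "limited-broadcast-source"
    for net in map(ipaddress.ip_network, local_nets):
        if net.prefixlen < 31 and s == net.broadcast_address:
            return "directed-broadcast-source"
    if s == d:
        return "source-equals-destination"  # the land.c case
    if d == ipaddress.ip_address("0.0.0.0"):
        return "zero-destination"
    return "other-invalid-source"

def summarize(lines, local_nets=()):
    """Count 106016 events per (interface, source, destination, reason)."""
    counts = Counter()
    for line in lines:
        m = SPOOF_RE.search(line)
        if not m:
            continue  # not a 106016 message
        try:
            reason = classify(m["src"], m["dst"], local_nets)
        except ValueError:
            continue  # malformed address in the log line
        counts[(m["ifc"], m["src"], m["dst"], reason)] += 1
    return counts
```

Calling `summarize(SAMPLE, ["192.0.2.0/24"]).most_common()` lists the most frequent interface and address pairs first, which shows where the denied packets are arriving.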
