06-20-2018 07:17 AM
Hello All,
We have set up a new ASA 5516X running FTD 6.2.3.2, and have certain events being logged to an external syslog server. The ASA is sending events to our server every few seconds with events such as:
%ASA-2-106006: Deny inbound UDP from 169.254.1.2/57744 to {Domain Controller IP}/123 on interface nlp_int_tap
%ASA-2-106006: Deny inbound UDP from 169.254.1.2/40736 to {Syslog Server IP}/514 on interface nlp_int_tap
%ASA-2-106007: Deny inbound UDP from 169.254.1.2/35521 to {Domain Controller IP}/53 due to DNS Query
The referenced domain controller is both an NTP and DNS server, so I assume that some service on the ASA is attempting to contact these servers.
I opened a case with TAC on it, and they said that something on or outside of our network is trying to send these requests through the ASA, where they are getting blocked. But we don't have any 169.254.x.x networks -- I didn't think that range was even valid for routing, and we allow outbound NTP. I attempted disconnecting all interfaces (except for the inside connection) and the messages continue to be sent to our syslog server from the ASA.
I haven't been able to find much on this interface nlp_int_tap and what it's related to - any ideas?
Thanks