About brasbehlph1

brasbehlph1 · 10-15-2011

I have been getting some Land Attack errors in my ASA logs recently so I captured some traffic to analyze.ASA-2-106017: Deny IP due to Land Attack from 1.1.1.1 to 1.1.1.1During a Land Attack, the capture shows an inside address trying to send traffic...

brasbehlph1 · 07-19-2011

How would I go about filtering Outside access to a vpn port of a Cisco ASA < 8.2?By default, it seems the VPN does not use the acl on the outside interface.Thanks

brasbehlph1 · 10-20-2011

I was able to test an ACL on a spare ASA and it did work.When there is no ACL, the land attack is logged which is correct as it can't connect to itself.When I add the ACL denying access to its nat address it is logged as a deny.access-list inside_acc...

brasbehlph1 · 10-16-2011

From the original post, I just used ping to reproduce the error that I get from time to time on my asa from other user traffic.When a land attack happens I check the the captured data and see what caused it and it is because of some nat traversal tra...

brasbehlph1 · 10-16-2011

I have already taken the dump and verified the traffic to be legit.Again, If I ping my nat public address I can produce a Land Attack.I just want to prevent regular traffic from sending off Land Attack errors.

brasbehlph1 · 10-15-2011

Yes, all inside users currently use 1.1.1.1 as the outside natted address and all works.I am trying to limit Land Attack errors from false positives so we know when a real Land Attack occurs.I know the traffic gets dropped but if I add an ACL would t...

brasbehlph1 · 07-20-2011

Thanks for the reply.However I am only trying to restrict who has access to connect to the vpn port from the internet (outside).I have created a webvpn that listens on port 443 on the outside interface so remote users can access internal resources w...

Member Since	‎07-19-2011 06:03 PM
Date Last Visited	‎08-18-2017 03:53 AM
Posts	7

User Statistics

User Activity

ASA Land Attack and NAT config

VPN ACL

Re: ASA Land Attack and NAT config

Re: ASA Land Attack and NAT config

ASA Land Attack and NAT config

ASA Land Attack and NAT config

Re: VPN ACL