Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
29301
Views
5
Helpful
5
Replies

Deny UDP reverse path check from ....

cascolibre
Level 1
Level 1

‎10-18-2006 06:01 AM

%ASA-1-106021: Deny UDP reverse path check from 172.19.60.219 to 172.19.60.255 on interface outside

I have seen this syslog messages, when i connect with vpnclient.172.19.60.0/24 is my inside.

How can i solve that issue,

casco

Labels:
0 Helpful
5 Replies 5

m.sir
Level 7
Level 7

‎10-19-2006 01:28 AM

It means that outside interface recieved packet from network that is NOT in firewall routing table...

Its enabled with command

ip verify reverse-path interface outside

You can disable this feature with command

no ip verify reverse-path interface outside

Do you know what is 172.19.60.x network???

M.

Hope that helsp rate if it does

cascolibre
Level 1
Level 1
In response to m.sir

‎10-19-2006 07:02 AM

Thks.

172.19.60.x is my inside network block.

But there is no route from inside to outside already.

0 Helpful

RANT
Level 1
Level 1
In response to m.sir

‎01-07-2025 06:02 AM

I get the same messages but i have a static route for the network question, so the firewall does have it in the routing table.

0 Helpful

stalin_cisco
Level 1
Level 1

‎05-22-2012 10:46 PM


Hi Friends,

I'm also getting this logs on my ASA firewall,

%ASA-1-106021: Deny UDP reverse path check from 10.67.3.113 to 10.67.254.66 on interface inside

Both Ip address are not in my network... Please help me how i can trace the IP address ?

Thank you,

Regards,

Stalin P

0 Helpful

Haitham Jaradat
Cisco Employee
Cisco Employee

‎05-23-2012 05:44 AM

Can you share the following information:

1. NAT configuration.

2. interface configuration.

3. VPN client pool used.

4. routing table from the ASA.

0 Helpful
Customers Also Viewed These Support Documents