|
Posted by Chris on July 9, 2007, 6:31 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Hi all,
>
> Hopefully you can help with a problem I am having with Cisco syslog
> message ASA-2-106016.
>
> Basically we have a /27 public address range in our network and during
> testing we are trying to prove that the access-lists on our firewall
> is behaving as it should. The access-list allows through any traffic
> from the /27 network on the inside interface and blocks any traffic
> between the /27 network into the outside interface. Therefore if we
> try to connect to ourselves the traffic should be stopped coming back
> in on the outside interface.
>
> What is actually happening is that one address is actually being
> stopped from getting into the inside interface and the syslog message
> is "Deny IP spoof from (our IP address) to (broadcast address of our
> range) on interface inside". Addresses either side of the blocked
> address work so we don't think it could be misconfiguration of mask.
>
> Would anyone have an idea as to why this happens?
>
> Many thanks,
>
> Chris
D'oh! Case now closed. Despite me saying that there wasn't misconfig
it turns out that the management IP address was configured with the
wrong mask.
| 
XML site map