Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
359
Views
0
Helpful
1
Replies

Troubleshoot Firewall IP Spoofing events on our Internal Network

sspencer
Level 1
Level 1

‎05-23-2007 08:19 AM - edited ‎03-05-2019 04:15 PM

I hope this is in the correct category - It involves our LAN and Routing/Troubleshooting.

My experience:

I have 15+ years computer, server and network support experience...but am by no means an expert. I've held my CCNA since 2001, but until the past 6 months, have never supported Cisco products on a full time basis as in my current position.

Our problem:

We have a network comprised of over 100 Cisco switches and routers, mostly utilizing 3750 model switches with approx. 1500 end-user systems in the field. We operate in a WAN environment, spread across approx. 20 miles. We utilize OSPF for routing.

Herein, I am referring to firewall responsibilities of our network.

Recent Firewall logs/reports have shown constant IP Spoofing events from our Firewall occurring on our Internal/LAN interface.

To the best of my ability, I believe some Wireless or other NICs on our network are improperly receiving Microsoft APIPA IP addresses (ie. 169.254.X.X) and as a result, are unable to route within our network - instead directed to our firewall and in turn, creating these unwanted events (hundreds upon hundreds per day).

Posting objective:

I am seeking suggestions/guidance on how I can troubleshoot, isolate and ultimately resolve these instances - if possible. How can I trace/back trace the originating source host of these incorrect IPs and their traffic?

And yes, I do have time to be proactive unlike past positions...so time is not too much a concern. However, methodology and isolation approach to resolving this problem is what I need assistance in.

Does anyone here happen to have experience in this or would anyone be able to provide some insight on how I can begin/proceed to troubleshoot this issue, with full access to all Cisco devices, even if it involves Port Mirroring and Packet Sniffing.

Any and all suggestions would be appreciated!.

I wish to thank you in advance for your assistance, as well as attention to my inquiry within!!!!

Kindest Regards.

Labels:
0 Helpful
1 Reply 1

wong34539
Level 6
Level 6

‎05-30-2007 06:02 AM

The Cisco IOS Firewall feature set combines existing Cisco IOS firewall technology and the new context-based access control (CBAC) feature. When you configure the Cisco IOS Firewall feature set on your Cisco router, you turn your router into an effective, robust firewall.

If you want to know more please click following URL:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/prod_release_note09186a0080080c54.html

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card