When I action show ip nat translations on our gateway router, it comes up with an Inside Local IP Address that does NOT belong to out local network. See attached.
192.168.1.0/24 does not belong to any of our user, not in routing table as static route (we don't use dynamic protocol) nor this is a configure interface on the router.
Is there a way I can trace which VLAN this IP is coming from because before this network 192.168.1.0/24 was flooding out NAT pool and I had to configure the following under the NAT Pool ACL:
deny ip 192.168.1.0 0.0.0.255 any any log
Jun 18 2007 14:41:46.081 EST: %SEC-6-IPACCESSLOGP: list NAT_ACL denied udp 192.168.1.130(0) -> 10.0.1.1(0), 15 packets
Jun 18 2007 14:51:29.101 EST: %SEC-6-IPACCESSLOGDP: list NAT_ACL denied icmp 192.168.1.111 -> 22.214.171.124 (0/0), 3 packets
Could this be a DOS attack?
We are currently experiencing Internet outage to some users which cannot use HTTP, mail and terminal service.