I'm seeing a lot of "DENIED LAND ATTACK" messages coming from a PIX 515 v.6.3 on my CS-MARS console. I'm not a PIX expert, but couldn't spot anything.
It must have something to do with the NAT (Internet searches have pointed my to such things as DNS Doctoring and Hairpinning) implemented. I've attached both a partial config and a sample of the messages taken from the CSMARS.
The IP 220.127.116.11 is the IP used to hide the internal network addresses (18.104.22.168/8) on the Internet.
All help is appreciated.