We use our ASA as a VPN concentrator and I am seeing a ton of messages that read
Deny IP spoof from (0.0.0.1) to 10.x.2.91 on interface UntrustedDMZ
The 10.x.x.x address is a user on the vpn logged in from a hotel. he tells me that he only has outlook open at this point. Any idea what might be causing this message. Ciscoworks reports over 1200 messages already today from this one user.