ASA 5510 error

Unanswered Question
Jun 16th, 2009
Hi Guys,


I'm getting an error from an ASA 5510 but don't think anything is affected right now. Could you please give me more information on this error? Any help is appreciated. Thanks


"Deny UDP, reverse path check from DMZ switch to Core Switch on interface outside"

JORGE RODRIGUEZ Tue, 06/16/2009 - 13:30
The firewall is doing what it is supposed to do. Read the two links below for details on uRPF (Unicast Reverse Path check) and that log message.


See message 106021

http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4768997


Mitigating network attacks

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml#topic2



Regards


killer316 Wed, 06/17/2009 - 02:20
Thanks for that.


Don't think it's anything like a spoof attack. The message is coming up every minute or so. Do you think it could just be a single host sending broadcasts?


Thanks again.

JORGE RODRIGUEZ Wed, 06/17/2009 - 17:13
What is the actual syslog message from the ASA? It should provide more info and give more clues on what UDP port. What is your topology, who is in the DMZ and what is on the outside? Is your outside still your trusted network? I ask because from your post the outside interface connects to the core switch.


In any case, if you wanted to find out the actual source host on the DMZ, you could use the capture command along with an ACL and capture packets to get a MAC address from the capture results.



Regards
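The replies above turn on two things: reading the full 106021 syslog line (which carries the source address, destination address and interface that the poster's paraphrase left out) and telling a single repeating host apart from spoofed traffic from many sources. The following Python script is an added example, not code from the thread or from Cisco: it parses ASA syslog lines in the documented 106021 format ("Deny protocol reverse path check from source to destination on interface name"), groups the denials by source, and reports how many times each source appeared, which destinations it targeted, and the mean gap between its events. The sample log lines are constructed for the example, and the leading timestamp format assumes the ASA's "logging timestamp" prefix.

```python
import re
from collections import defaultdict
from datetime import datetime

# ASA message 106021, per the Cisco syslog message guide:
#   %ASA-1-106021: Deny protocol reverse path check from source_address
#                  to dest_address on interface interface_name
# The leading "Mon DD YYYY HH:MM:SS: " prefix is assumed to come from
# "logging timestamp" on the ASA.
LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}): "
    r"%ASA-\d-106021: Deny (?P<proto>\S+) reverse path check "
    r"from (?P<src>\S+) to (?P<dst>\S+) on interface (?P<iface>\S+)$"
)

# Constructed sample log (not from the original thread). One host repeats
# roughly every minute toward a .255 address; one unrelated line and one
# single TCP denial are mixed in so the grouping has something to ignore.
SAMPLE_LOG = """\
Jun 16 2009 13:01:02: %ASA-1-106021: Deny UDP reverse path check from 10.1.1.20 to 10.2.2.255 on interface outside
Jun 16 2009 13:02:05: %ASA-1-106021: Deny UDP reverse path check from 10.1.1.20 to 10.2.2.255 on interface outside
Jun 16 2009 13:02:40: %ASA-6-302013: Built inbound TCP connection 12345 for outside:10.5.5.5/4321 (10.5.5.5/4321) to inside:10.1.1.10/80 (10.1.1.10/80)
Jun 16 2009 13:03:01: %ASA-1-106021: Deny UDP reverse path check from 10.1.1.20 to 10.2.2.255 on interface outside
Jun 16 2009 13:03:30: %ASA-1-106021: Deny TCP reverse path check from 192.0.2.7 to 10.1.1.10 on interface outside
"""


def parse_106021(log_text):
    """Return one record per 106021 line; every other syslog line is skipped."""
    records = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        records.append({
            "time": datetime.strptime(m.group("ts"), "%b %d %Y %H:%M:%S"),
            "proto": m.group("proto"),
            "src": m.group("src"),
            "dst": m.group("dst"),
            "iface": m.group("iface"),
        })
    return records


def summarize(records):
    """Group denials by (source, protocol, interface).

    For each group return the event count, the set of destinations seen,
    and the mean number of seconds between consecutive events (None when
    the source appeared only once). A single source hitting one
    destination at a steady interval reads very differently from many
    sources appearing once each.
    """
    groups = defaultdict(list)
    for r in records:
        groups[(r["src"], r["proto"], r["iface"])].append(r)

    summary = {}
    for key, events in groups.items():
        events.sort(key=lambda r: r["time"])
        gaps = [(b["time"] - a["time"]).total_seconds()
                for a, b in zip(events, events[1:])]
        summary[key] = {
            "count": len(events),
            "destinations": {r["dst"] for r in events},
            "mean_interval_s": sum(gaps) / len(gaps) if gaps else None,
        }
    return summary


if __name__ == "__main__":
    for (src, proto, iface), info in summarize(parse_106021(SAMPLE_LOG)).items():
        gap = info["mean_interval_s"]
        gap_text = "single event" if gap is None else f"every {gap:.0f}s on average"
        print(f"{src} {proto} via {iface}: {info['count']} denials, "
              f"to {sorted(info['destinations'])}, {gap_text}")
```

Run against a real export of the ASA log (for example the output of `show logging` saved to a file) instead of SAMPLE_LOG. Sources that recur at a fixed interval toward one destination are the candidates to chase with the capture-plus-ACL approach described above; the 106021 line itself does not carry a port number, so the capture is where that detail comes from.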
