I am seeing this message on my syslog server that I have NO explanation for.
Perhaps someone can point me in the right direction.
I have a site-to-site VPN between hostA and hostB between the ASA and the VPNc.
hostA is 192.168.1.1, ASAVPN inside interface is 192.168.1.254. ASAVPN outside interface
is 10.1.1.1 and the ASAFW internal interface is 10.1.1.254. Here is the configuration on
the ASAFW, VPNc external IP address is 22.214.171.124:
static (i,o) 126.96.36.199 10.1.1.1 netmask 255.255.255.255
access-list FW-out permit icmp VPNc 188.8.131.52 log
access-list FW-out permit udp VPNc 184.108.40.206 eq 500 log
access-list FW-out permit udp VPNc 220.127.116.11 eq 4500 log
access-list FW-out permit esp VPNc 18.104.22.168 log
access-list FW-out deny ip any any log
access-group FW-out in interface outside
On the ASAVPN, this is what I have (relevant configuration):
icmp permit host 10.1.1.254 outside
access-list vpn permit host 192.168.1.1 host 192.168.2.1
isakmp identity address
isakmp nat-traversal 10
crypto isakmp enable
crypto map vpn 10 ipsec-isakmp
crypto map vpn 10 set peer VPNc
crypto map vpn 10 set trans 3des
crypto map vpn 10 set pfs group2
crypto map vpn 10 match address vpn
crypto map vpn interface outside
VPNc public interface: 22.214.171.124
VPNc Private interface: 192.168.2.254
ASA is running version 8.2.1
The site-2-site VPN between the VPNc and the ASAVPN is working fine. However, I am getting this syslog
message from the ASAVPN on my syslog server:
ASAVPN Mar 25 2010 02:09:39: %ASA-3-313001: Denied ICMP type=11, code=0 from 126.96.36.199 on interface outside
How does this IP 188.8.131.52 even make it to the ASAVPN device?
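
Added example, not part of the original post: a Python triage helper that parses `%ASA-3-313001` lines, names the ICMP type/code, and checks each source against the hosts listed in `icmp permit host ... <interface>` statements such as the one in the ASAVPN configuration above. The function names are hypothetical, all log lines except the first are constructed, and it assumes 313001 refers to ICMP addressed to the ASA's own interface and evaluated against the `icmp` rules.

```python
import re
from collections import Counter

# Format of syslog message 313001 as quoted in the post.
MSG = re.compile(r"%ASA-3-313001: Denied ICMP type=(?P<type>\d+), code=(?P<code>\d+) "
                 r"from (?P<src>\S+) on interface (?P<ifc>\S+)")

# A few ICMP type/code names (IANA); code None matches any code of that type.
ICMP_NAMES = {(3, None): "destination unreachable",
              (8, 0): "echo request",
              (11, 0): "time exceeded: TTL expired in transit",
              (11, 1): "time exceeded: fragment reassembly timeout"}

# The ASAVPN rule from the post.
SAMPLE_CONFIG = "icmp permit host 10.1.1.254 outside"

# First line is the message from the post; the other two are constructed.
SAMPLE_LOGS = [
    "ASAVPN Mar 25 2010 02:09:39: %ASA-3-313001: Denied ICMP type=11, code=0 from 126.96.36.199 on interface outside",
    "ASAVPN Mar 25 2010 02:09:41: %ASA-3-313001: Denied ICMP type=11, code=0 from 126.96.36.199 on interface outside",
    "ASAVPN Mar 25 2010 02:10:02: %ASA-3-313001: Denied ICMP type=3, code=3 from 192.0.2.7 on interface outside",
]

def parse_icmp_permit(config):
    """Return {interface: {hosts}} from 'icmp permit host A IFC' lines."""
    allowed = {}
    for line in config.splitlines():
        m = re.match(r"\s*icmp permit host (\S+) (\S+)\s*$", line)
        if m:
            allowed.setdefault(m.group(2), set()).add(m.group(1))
    return allowed

def triage(log_lines, config):
    """Count denied ICMP per (source, interface, ICMP name, source-is-permitted)."""
    allowed = parse_icmp_permit(config)
    findings = Counter()
    for line in log_lines:
        m = MSG.search(line)
        if not m:
            continue  # not a 313001 message
        t, c = int(m["type"]), int(m["code"])
        name = ICMP_NAMES.get((t, c)) or ICMP_NAMES.get((t, None), "other")
        listed = m["src"] in allowed.get(m["ifc"], set())
        findings[(m["src"], m["ifc"], name, listed)] += 1
    return findings

if __name__ == "__main__":
    for (src, ifc, name, listed), n in triage(SAMPLE_LOGS, SAMPLE_CONFIG).items():
        print(f"{n}x {src} on {ifc}: {name}; source in icmp permit list: {listed}")
```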