Hi halijenn / NT / Magnus
I have a query on "Deny TCP Reverse path check". Logical interfaces are configured on the firewall, of which the physical interface Gig0/0 is not assigned any "nameif". The logical interface Gig0/0.1 is the "inside" interface [sec level 100], and Gig0/0.2 [sec level 80] is "inside1" and is configured for assigning DHCP IP addresses as follows:
dhcpd address 10.111.27.40-10.111.27.254 inside1
dhcpd enable inside1
User -> Access point -> Wireless switch -> ASA -> Internet
I am getting the error below, and the main issue is that I am not able to go to the Internet for any HTTP traffic [yahoo, google]; however, I am able to go for HTTPS traffic. "ip verify reverse path" is already configured for the inside and outside interfaces. I can disable the "ip verify reverse path" command; however, I am puzzled as to why it is happening only for port 80 traffic.
Aug 03 2010 16:07:28: %ASA-1-106021: Deny TCP reverse path check from 10.111.27.41 to 184.108.40.206 on interface inside
Aug 03 2010 16:07:28: %ASA-1-106021: Deny TCP reverse path check from 220.127.116.11 to 10.111.27.41 on interface inside
As we can see from the above syslogs, 10.111.27.X belongs to the inside1 interface; however, traffic is getting initiated from the inside interface and getting dropped. Also, this was working earlier and stopped working suddenly. Can you please guide me on how to proceed and what the probable reason could be?
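Added example (not part of the original post): a small triage script that parses the %ASA-1-106021 lines quoted above and compares the interface each packet arrived on with the interface a route lookup for its source address would select. The route table is an assumption: the /24 for inside1 is inferred from the DHCP pool, the inside subnet is a constructed placeholder, and the default route via an interface named outside is assumed.

```python
import ipaddress
import re

# Assumed routing view of the firewall; none of these prefixes are stated in the post.
ROUTES = {
    "inside": ipaddress.ip_network("10.111.26.0/24"),   # constructed placeholder
    "inside1": ipaddress.ip_network("10.111.27.0/24"),  # assumed /24 around the DHCP pool
    "outside": ipaddress.ip_network("0.0.0.0/0"),       # assumed default route
}

LOG_RE = re.compile(
    r"%ASA-\d-106021: Deny (?P<proto>\S+) reverse path check "
    r"from (?P<src>\S+) to (?P<dst>\S+) on interface (?P<ifc>\S+)"
)

def expected_interface(addr, routes=ROUTES):
    """Longest-prefix match: the interface a route lookup for addr selects."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, name) for name, net in routes.items() if ip in net]
    return max(matches)[1] if matches else None

def triage(lines, routes=ROUTES):
    """Return one finding per 106021 line; other lines are ignored."""
    findings = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        want = expected_interface(m["src"], routes)
        findings.append({
            "src": m["src"], "dst": m["dst"], "proto": m["proto"],
            "seen_on": m["ifc"], "route_points_to": want,
            "mismatch": want != m["ifc"],
        })
    return findings

# The two syslog lines quoted in the post.
SAMPLE = [
    "Aug 03 2010 16:07:28: %ASA-1-106021: Deny TCP reverse path check "
    "from 10.111.27.41 to 184.108.40.206 on interface inside",
    "Aug 03 2010 16:07:28: %ASA-1-106021: Deny TCP reverse path check "
    "from 220.127.116.11 to 10.111.27.41 on interface inside",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['src']:>15} seen on {f['seen_on']:<8} "
              f"route points to {f['route_points_to']:<8} mismatch={f['mismatch']}")
```

Under these assumptions both lines are mismatches: the client address routes to inside1 and the Internet address routes to outside, yet both packets were received on inside, which is the condition message 106021 reports.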