Cisco ASA 5520: how can I get rid of this spoofing

Answered Question
Jan 14th, 2011

Hello all. Every time I try to SSH to my ASA inside interface (12.12.7.36) from 10.10.2.3, I get the following error in my logs. How can I get rid of this?

Deny IP spoof from (12.12.7.36) to 10.10.2.3 on interface inside.

Correct Answer by Poonguzhali Sankar about 3 years 3 months ago

The topology looks like this?

10.10.2.3---Router(.33)--(12.12.7.36)ASA---

You are seeing this message

Deny IP spoof from (12.12.7.36) to 10.10.2.3 on interface inside.

That message means that the packet that the firewall sent is coming right back to the firewall. I'd check the route on the router to see why it may be sending the packet back to the firewall. Does the router know where 10.10.2.0/24 lives?

Post the output of "sh run int" pls.

What is the GW configured on 10.10.2.3?

What other logs do you see besides the deny ip spoof for port 22 (ssh) connection?

What is the route on the 12.12.7.33 router? Is it pointing its default gateway towards the ASA?

-KS
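As an added illustration of the distinction KS draws (not code from the thread or from Cisco), the Python below triages "Deny IP spoof" lines the way a defender would before touching uRPF: a source that is one of the ASA's own interface addresses means the firewall's reply was routed straight back to it, while any other source is checked against the route table to see which interface it should have arrived on. The inside address and the 10.10.2.0/24 route are taken from the thread; the outside address, the default route, the 106016 syslog ID prefix and the sample lines are assumptions constructed for the example.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed to mirror the thread's topology: inside address 12.12.7.36,
# 10.10.2.0/24 reached via the 12.12.7.33 router. The outside address and
# the default route are assumptions, not from the thread.
INTERFACE_ADDRS = {"inside": "12.12.7.36", "outside": "198.51.100.2"}
ROUTES = {"inside": ["12.12.7.0/24", "10.10.2.0/24"], "outside": ["0.0.0.0/0"]}
SPOOF_RE = re.compile(r"Deny IP spoof from \((?P<src>[\d.]+)\) to (?P<dst>[\d.]+) on interface (?P<ifc>\S+)")

def egress_interface(addr, routes=ROUTES):
    """Longest-prefix lookup: the interface the ASA would use to reach addr."""
    best, best_len = None, -1
    for ifc, prefixes in routes.items():
        for prefix in prefixes:
            net = ip_network(prefix)
            if ip_address(addr) in net and net.prefixlen > best_len:
                best, best_len = ifc, net.prefixlen
    return best

def classify_spoof(line, interface_addrs=INTERFACE_ADDRS, routes=ROUTES):
    """Explain one 'Deny IP spoof' line; returns None for unrelated lines."""
    m = SPOOF_RE.search(line)
    if not m:
        return None
    src, dst, ifc = m.group("src", "dst", "ifc")
    result = {"src": src, "dst": dst, "ifc": ifc}
    if src in interface_addrs.values():
        # The "spoofed" source is the firewall itself: its own reply came back in.
        # That is the routing-loop case from the thread, not a forged packet.
        result.update(verdict="reflected", next_check=f"route to {dst} on the next hop behind {ifc}")
    else:
        expected = egress_interface(src, routes)  # where uRPF expects src to live
        if expected is None:
            result.update(verdict="unroutable-source", next_check=f"no route to {src}")
        elif expected != ifc:
            result.update(verdict="wrong-interface", next_check=f"{src} is routed via {expected}, arrived on {ifc}")
        else:
            result.update(verdict="unexpected", next_check="route table given here is stale")
    return result

SAMPLE_LOG = [  # constructed log lines; the first is the one quoted in the thread
    "%ASA-2-106016: Deny IP spoof from (12.12.7.36) to 10.10.2.3 on interface inside",
    "%ASA-2-106016: Deny IP spoof from (10.10.2.50) to 12.12.7.36 on interface outside",
    "%ASA-6-302013: Built inbound TCP connection 1 for inside:10.10.2.3/4000 to 12.12.7.36/22",
]

def triage(lines):
    """Run every line through classify_spoof and keep only the spoof verdicts."""
    return [r for r in map(classify_spoof, lines) if r is not None]
```

A "reflected" verdict points at the next-hop router's routing, as KS suggests, rather than at the uRPF check itself.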

jdlampard Fri, 01/14/2011 - 20:57

Seems you have...

ip verify reverse-path interface inside

Try removing it and test.

Poonguzhali Sankar Sat, 01/15/2011 - 07:03

Doesn't look like the source IP of this SSH connection lives/belongs behind the inside interface. Check "sh run route".

You can only ping, SSH, ASDM or telnet to the closest interface from your source.

You cannot reach the far side interface - this is by design.

-KS

west33637 Sat, 01/15/2011 - 08:55

The source of this SSH connection lives behind the inside interface.

sh run route
route inside 10.10.2.0 255.255.255.0 12.12.7.33


west33637 Sat, 01/15/2011 - 12:36

I found a routing loop along the path to the ssh source. Fixing that resolved the issue. Thanks!!

Posted January 14, 2011 at 8:52 PM