Cisco ASA 5520: how can I get rid of this spoofing?

west33637
Level 1

Hello all. Every time I try to SSH to my ASA inside interface (12.12.7.36) from 10.10.2.3, I get the following error in my logs. How can I get rid of this?

Deny IP spoof from (12.12.7.36) to 10.10.2.3 on interface inside.

Accepted Solution

The topology looks like this?

10.10.2.3---Router(.33)--(12.12.7.36)ASA---

You are seeing this message

Deny IP spoof from (12.12.7.36) to 10.10.2.3 on interface inside.

That message means that the packet that the firewall sent is coming right back to the firewall. I'd check the route on the router to see why it may be sending the packet back to the firewall. Does the router know where 10.10.2.0/24 lives?

Post the output of "sh run int" pls.

What is the GW configured on 10.10.2.3?

What other logs do you see besides the deny ip spoof for port 22 (ssh) connection?

What is the route on the 12.12.7.33 router? Is it pointing its default gateway towards the ASA?

-KS

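As an added example (not from the thread or from Cisco), a small Python classifier that reads ASA "Deny IP spoof" syslog lines and separates the case this answer describes, where the source is the firewall's own interface address because a routing loop sent the ASA's packet straight back to it, from an ordinary reverse-path mismatch where the source simply is not routed through the arrival interface. The %ASA-2-106016 message prefix, the outside interface address and every route except the OP's inside route are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample syslog lines in the "Deny IP spoof" format from the thread.
# The %ASA-2-106016 prefix is assumed; the thread only shows the message body.
SAMPLE_LOGS = """\
%ASA-2-106016: Deny IP spoof from (12.12.7.36) to 10.10.2.3 on interface inside
%ASA-2-106016: Deny IP spoof from (192.168.50.9) to 10.10.2.3 on interface inside
%ASA-2-106016: Deny IP spoof from (10.10.2.3) to 12.12.7.36 on interface outside
"""

# Constructed view of the ASA's interface addresses and routing table. Only the
# inside route for 10.10.2.0/24 via 12.12.7.33 comes from the OP's "sh run route".
INTERFACE_ADDRS = {"inside": "12.12.7.36", "outside": "203.0.113.2"}
ROUTES = [("inside", "10.10.2.0/24"), ("inside", "12.12.7.32/28"), ("outside", "0.0.0.0/0")]

SPOOF_RE = re.compile(
    r"Deny IP spoof from \((?P<src>[\d.]+)\) to (?P<dst>[\d.]+) on interface (?P<ifc>\S+)"
)


def rpf_interface(src):
    """Longest-prefix route lookup: the interface the ASA would use to reach src."""
    best = None
    for ifc, prefix in ROUTES:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(src) in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (ifc, net)
    return best[0] if best else None


def classify(line):
    """Return None for non-spoof lines, else why the reverse-path check rejected the packet."""
    m = SPOOF_RE.search(line)
    if not m:
        return None
    src, ifc = m["src"], m["ifc"]
    if src in INTERFACE_ADDRS.values():
        # The packet carries the firewall's own address: it left the ASA and came
        # back, which is the routing-loop case this thread diagnoses.
        return "own-address-loop"
    if rpf_interface(src) != ifc:
        # Source is routed out a different interface than the one it arrived on.
        return "rpf-mismatch"
    return "unexpected"


def summarize(text):
    """Count each rejection reason across a block of syslog text."""
    counts = {}
    for line in text.splitlines():
        kind = classify(line)
        if kind:
            counts[kind] = counts.get(kind, 0) + 1
    return counts
```

Seeing "own-address-loop" hits points at the router's route for the destination rather than at the uRPF setting: removing ip verify reverse-path would silence the message but leave the loop in place.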

6 Replies

jdlampard
Level 1

Seems you have...

ip verify reverse-path interface inside

Try removing it and test.

Doesn't look like the source IP of this SSH connection lives/belongs behind the inside interface. Check "sh run route".

You can only ping, SSH, ASDM or telnet to the closest interface from your source.

You cannot reach the far side interface - this is by design.

-KS

the source of this ssh connection lives behind the inside interface.

sh run route
route inside 10.10.2.0 255.255.255.0 12.12.7.33

I found a routing loop along the path to the ssh source. Fixing that resolved the issue. Thanks!!

Awesome! Yes, exactly what I thought. Thanks for rating.

-KS
