ASA 5510 unknown subnet trying to ping inside

Mar 14th, 2014

I have an ASA 5510 8.4(5) in one of my remote offices. It's got a tunnel back to my main site.

The past 2 nights it crashed around 3:00 am and you couldn't do anything but power it off and back on again.

I noticed it was externally pingable, so I turned that off today.

One thing I am noticing in the ASDM logs is that some addresses are trying to ping the inside interface.

I don't know the addresses though. They are not one of any of my subnets.

Any idea how I can track that down?

3  Mar 14 2014  21:33:11  192.168.110.20  Denied ICMP type=9, code=0 from 192.168.110.20 on interface inside

3  Mar 14 2014  21:32:47  192.168.110.100  Denied ICMP type=9, code=0 from 192.168.110.100 on interface inside

Marvin Rhoads Sat, 03/15/2014 - 08:14

What does your inside gateway think about the reachability of that source subnet?

Do they have any remote access VPN setup? Those could be from a VPN pool of addresses.

If not, you'll have to do a capture of the actual packets to trace down the originating MAC address and trace it from there.
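
An added example, not part of the thread: a small triage script that groups "Denied ICMP" log messages like the ones quoted in the question by source, names the ICMP type, and flags sources outside the subnets you own, so you know which addresses to chase with a capture. The function name `summarize_denies`, the `10.10.0.0/16` "known" range and the third and fourth sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Subset of the IANA ICMP type registry. Type 9 is a Router Advertisement
# (RFC 1256); an echo request ("ping") is type 8.
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 8: "echo-request",
              9: "router-advertisement", 10: "router-solicitation",
              11: "time-exceeded"}

# Matches the message text shown in the question's ASDM log lines.
DENY_RE = re.compile(
    r"Denied ICMP type=(?P<type>\d+), code=(?P<code>\d+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) on interface (?P<ifc>\S+)")

def summarize_denies(lines, known_subnets):
    """Return {(src, interface, icmp_name): {"count": n, "known": bool}}."""
    nets = [ipaddress.ip_network(n) for n in known_subnets]
    counts = Counter()
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue  # not a denied-ICMP message
        t = int(m["type"])
        counts[(m["src"], m["ifc"], ICMP_TYPES.get(t, f"type-{t}"))] += 1
    summary = {}
    for (src, ifc, name), n in counts.items():
        known = any(ipaddress.ip_address(src) in net for net in nets)
        summary[(src, ifc, name)] = {"count": n, "known": known}
    return summary

# First two lines are the messages from the question; the rest are constructed.
SAMPLE = [
    "3 Mar 14 2014 21:33:11 192.168.110.20 Denied ICMP type=9, code=0 from 192.168.110.20 on interface inside",
    "3 Mar 14 2014 21:32:47 192.168.110.100 Denied ICMP type=9, code=0 from 192.168.110.100 on interface inside",
    "3 Mar 14 2014 21:34:02 10.10.5.7 Denied ICMP type=8, code=0 from 10.10.5.7 on interface inside",
    "6 Mar 14 2014 21:34:05 constructed filler line that is not a deny",
]
KNOWN = ["10.10.0.0/16"]  # hypothetical list of subnets you administer

if __name__ == "__main__":
    for (src, ifc, name), info in sorted(summarize_denies(SAMPLE, KNOWN).items()):
        tag = "known" if info["known"] else "UNKNOWN subnet"
        print(f"{src:16} {ifc:8} {name:22} x{info['count']}  {tag}")
```

The script only narrows down which sources and message types to look at; finding the originating MAC address still needs the packet capture described in the reply above.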
