Can a "NAT U-Turn" configuration on ASA be a cause of a "Land Attack" syslog message?

Jun 14th, 2014

Can this configuration on the ASA be the cause of a "%ASA-2-106017: Deny IP due to Land Attack from 17.18.19.20 to 17.18.19.20" syslog message?

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 17.18.19.101 255.255.255.128 standby 17.18.19.102
!
interface Ethernet0/1
 duplex full
 nameif inside
 security-level 100
 ip address 172.16.20.1 255.255.255.0 standby 172.16.20.2
!
object network users_VPN_net
 subnet 192.168.20.0 255.255.255.0
!
object network users_VPN_net
 nat (outside,outside) dynamic 17.18.19.20

As additional information, I can say that we see these syslog messages only on business days, Monday to Friday, starting at 08:00 am and ending at 06:00 pm.

Thank you 
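To work out whether the 106017 messages line up with the NAT address in the posted configuration and with the business-hours pattern the poster describes, a small log triage script helps. The following is an added example, not code from the original thread or from Cisco: it parses ASA syslog lines, keeps only the 106017 "Land Attack" events, labels each source/destination pair according to what it matches in the configuration above (the dynamic NAT address 17.18.19.20, the interface addresses, or nothing), and tallies them by hour and by business hours. The log lines are constructed sample input; the hostname fw01, the timestamp layout and the 08:00 to 18:00 weekday window are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines (not from the original post). The 106017 lines
# mirror the message quoted in the question; the 302013 line is a normal
# connection build that the parser must ignore.
SAMPLE_LOG = """\
Jun 16 2014 08:05:12 fw01 %ASA-2-106017: Deny IP due to Land Attack from 17.18.19.20 to 17.18.19.20
Jun 16 2014 08:05:13 fw01 %ASA-6-302013: Built outbound TCP connection 12345 for outside:1.1.1.1/80 (1.1.1.1/80) to inside:172.16.20.5/51000 (17.18.19.101/51000)
Jun 16 2014 09:15:44 fw01 %ASA-2-106017: Deny IP due to Land Attack from 17.18.19.20 to 17.18.19.20
Jun 16 2014 21:02:01 fw01 %ASA-2-106017: Deny IP due to Land Attack from 198.51.100.7 to 198.51.100.7
"""

# Addresses lifted from the configuration posted in the question.
NAT_POOL_ADDRS = {"17.18.19.20"}                      # nat (outside,outside) dynamic 17.18.19.20
INTERFACE_ADDRS = {"17.18.19.101", "17.18.19.102",    # outside active/standby
                   "172.16.20.1", "172.16.20.2"}      # inside active/standby

# Assumed syslog layout: "<Mon> <day> <year> <HH:MM:SS> <host> %ASA-2-106017: ..."
LAND_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}) \S+ "
    r"%ASA-2-106017: Deny IP due to Land Attack "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) to (?P<dst>\d{1,3}(?:\.\d{1,3}){3})$"
)


def classify(src, dst):
    """Label a 106017 address pair by what it matches in the posted config."""
    if src != dst:
        return "not-land"          # 106017 should never carry differing addresses
    if src in NAT_POOL_ADDRS:
        return "nat-pool"          # the address the dynamic NAT rule maps VPN users to
    if src in INTERFACE_ADDRS:
        return "interface"         # the ASA's own interface address
    return "other"                 # an address the config does not explain


def parse_land_attacks(text):
    """Return one dict per 106017 line; every other message is skipped."""
    events = []
    for line in text.splitlines():
        m = LAND_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
        events.append({
            "time": ts,
            "src": m["src"],
            "dst": m["dst"],
            "category": classify(m["src"], m["dst"]),
            # assumed business window: Monday to Friday, 08:00 to 18:00
            "business_hours": ts.weekday() < 5 and 8 <= ts.hour < 18,
        })
    return events


def summarize(events):
    """Counts by category, by hour of day, and inside/outside business hours."""
    return {
        "by_category": dict(Counter(e["category"] for e in events)),
        "by_hour": dict(Counter(e["time"].hour for e in events)),
        "business_hours": sum(e["business_hours"] for e in events),
        "off_hours": sum(not e["business_hours"] for e in events),
    }


if __name__ == "__main__":
    evs = parse_land_attacks(SAMPLE_LOG)
    for e in evs:
        print(e["time"], e["src"], "->", e["dst"], e["category"])
    print(summarize(evs))
```

If the "nat-pool" bucket holds nearly all the events and they cluster in the business window, the messages are worth chasing against the NAT rule and the VPN users' activity, as the reply below asks; a large "other" bucket, or events spread across the night, points away from that configuration and toward traffic from outside.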

armartirosyan Fri, 06/20/2014 - 07:03

Yes Rahul, both intra- and inter-interface traffic are enabled.

!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
!

Connectivity-wise we don't have any issues, just this log message that constantly comes into our syslog server.

"%ASA-2-106017: Deny IP due to Land Attack from 17.18.19.20 to 17.18.19.20"

Rahul Kumar Mishra Mon, 06/23/2014 - 05:26

Can you post the output of the following command:

packet-tracer input outside tcp 192.168.20.10 2000 1.1.1.1 80 detailed

 

I guess there is some misconfiguration in NAT, because a land attack means the source and destination of an IP packet are the same. Are VPN users trying to access IP 17.18.19.20?
