×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Deny UDP reverse path check from ....

Unanswered Question
Oct 18th, 2006
User Badges:

%ASA-1-106021: Deny UDP reverse path check from 172.19.60.219 to 172.19.60.255 on interface outside


I have seen this syslog messages, when i connect with vpnclient.172.19.60.0/24 is my inside.

How can i solve that issue,

casco

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
m.sir Thu, 10/19/2006 - 01:28
User Badges:
  • Gold, 750 points or more

It means that outside interface recieved packet from network that is NOT in firewall routing table...

Its enabled with command

ip verify reverse-path interface outside

You can disable this feature with command

no ip verify reverse-path interface outside

Do you know what is 172.19.60.x network???

M.

Hope that helsp rate if it does

cascolibre Thu, 10/19/2006 - 07:02
User Badges:

Thks.

172.19.60.x is my inside network block.

But there is no route from inside to outside already.


stalin_cisco Tue, 05/22/2012 - 22:46
User Badges:


Hi Friends,


I'm also getting this logs on my ASA firewall,


%ASA-1-106021: Deny UDP reverse path check from 10.67.3.113 to 10.67.254.66 on interface inside


Both Ip address are not in my network... Please help me how i can trace the IP address ?


Thank you,


Regards,

Stalin P

Haitham Jaradat Wed, 05/23/2012 - 05:44
User Badges:
  • Cisco Employee,

Can you share the following information:

1. NAT configuration.

2. interface configuration.

3. VPN client pool used.

4. routing table from the ASA.

Actions

This Discussion