
Deny ip Spoof

Hi,

I'm using an ASA5510. I want to enable VPN client access, but there is always the message: "Deny ip Spoof from (..) on Interface outside". I'm also not able to ping this device. ACLs are open and the command:

icmp permit any unreachable outside

icmp permit any outside

Could someone give me a solution?

Thanks

1 Reply

sachinraja
Level 9

Hello reto,

Where is the spoof attack coming from? If it is one of these, then the PIX blocks all the spoof traffic by default, since that's the way it is supposed to work:

1) 127.0.0.1 - loopback

2) broadcast address

3) land.c subnets - your same network...

If it is something else, we have to analyse what IP that is and see if it is required. Are you not able to connect to the PIX outside at all from the internet? This should not be the case. Can you do a tracert and find out where it is dropping? Are there any other log messages on the PIX? Try going to the internet through a laptop. Take the IP of that laptop and connect to the PIX. See if there are any packets hitting the firewall with that laptop's IP. I am sure you can nail down the issue.

Hope this helps. Let us know.

Raj
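
The triage step suggested in the reply above, as an added example that is not part of the original thread: it pulls the "Deny IP spoof" lines out of a firewall log and sorts each source into the reply's categories, so anything left as "other" is what needs analysis. The log lines, host name, addresses and the `LOCAL_NETS` list are constructed assumptions; "land" is taken to mean source equals destination, as in land.c.

```python
import ipaddress
import re

# Body of the ASA "Deny IP spoof" message; the syslog prefix is ignored.
SPOOF_RE = re.compile(
    r"Deny IP spoof from \((?P<src>[^)]+)\) to (?P<dst>\S+) on interface (?P<ifc>\S+)",
    re.IGNORECASE,
)

# Assumption: networks directly attached to the firewall (constructed values).
LOCAL_NETS = [ipaddress.ip_network("203.0.113.0/28")]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def classify(src, dst):
    """Map a spoof-drop source to one of the categories listed in the reply."""
    try:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    except ValueError:
        return "unparsed"
    if s.is_loopback:
        return "loopback"
    if s == d:
        return "land"  # land.c pattern: source equals destination
    if s == LIMITED_BROADCAST or any(s == n.broadcast_address for n in LOCAL_NETS):
        return "broadcast"
    return "other"  # not one of the expected default drops: look at this source

def triage(lines):
    """Return (src, dst, interface, category) for every spoof-drop line."""
    hits = []
    for line in lines:
        m = SPOOF_RE.search(line)
        if m:
            hits.append((m["src"], m["dst"], m["ifc"], classify(m["src"], m["dst"])))
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    "Jan 10 09:14:02 fw1 %ASA-2-106016: Deny IP spoof from (127.0.0.1) to 203.0.113.2 on interface outside",
    "Jan 10 09:14:05 fw1 %ASA-2-106016: Deny IP spoof from (203.0.113.15) to 203.0.113.2 on interface outside",
    "Jan 10 09:14:09 fw1 %ASA-2-106016: Deny IP spoof from (203.0.113.2) to 203.0.113.2 on interface outside",
    "Jan 10 09:14:11 fw1 %ASA-2-106016: Deny IP spoof from (198.51.100.77) to 203.0.113.2 on interface outside",
    "Jan 10 09:14:12 fw1 unrelated message that must be skipped",
]

if __name__ == "__main__":
    for src, dst, ifc, cat in triage(SAMPLE_LOG):
        print(f"{cat:10} src={src} dst={dst} ifc={ifc}")
```
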
