This can be caused by asymmetric routing or an IP spoof attack.
Make sure that the PIX does not have multiple paths that the device may be reached through. If it is not an asymmetric routing issue, then the PIX may be under attack by an IP spoofer.
To stop this type of attack, try the following steps.
- Configure an access list on the interface under attack to block the IP address.
2. Configure the ip verify reverse-path feature.
3. Contact your ISP and have them block that IP address.