Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WAE - ICMP Flood to VPN Users

We currently have a distributed server model were users VPN to our ASA in Chicago and access local files in one of our remote offices like in Boston. Our security team is receiving an IPS event and below is a copy of the log.

10.8.64.20/0 --> 10.12.187.98/0 ICMP ICMP Flood,NR-2152/0,Time:1209676259,Risk Rating:85,VLAN:0

My question is does the WAE send out a sort of keepalive to VPN users to make sure they haven't disconnected?

3 REPLIES
Cisco Employee

Re: WAE - ICMP Flood to VPN Users

Clifton,

Are you referring to a WAE running WAAS software, or something else. If you are referring to WAAS, can you please explain how it fits into the topology?

Thanks,

Zach

New Member

Re: WAE - ICMP Flood to VPN Users

Yes, I am referring to a WAE box running WAAS software. At our VPN head end site in Chicago I am redirecting the traffic from the VPN user vlan to a WAAS server. It seems that the WAAS server is sending ICMP packets to remote users. Have you seen this type of behaviour before?

Cisco Employee

Re: WAE - ICMP Flood to VPN Users

The only ICMP traffic generated by the WAE is for CIFS file server auto-discovery.

Can you provide a full packet capture during a time when this is happening.

Thanks,

Zach

278
Views
0
Helpful
3
Replies