Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA 5510 unknown subnet trying to ping inside

I have an ASA 5510 8.4(5) in one of my remote offices.  it's got a tunnel back to my main site.

the past 2 nights it crashed around 3:00 am and you couldn't do anything but power it off and back on again.

I noticed it was externally pingable, so I turned that off today.


One thing I am noticing in the ASDM logs that some addresses are trying to ping the inside interface.

I don't know the addresses though. they are not one of any of my subnets.


any idea how I can track that down?

3Mar 14 201421:33:11   

Denied ICMP type=9, code=0 from on interface inside


3Mar 14 201421:32:47   Denied ICMP type=9, code=0 from on interface inside


Hall of Fame Super Silver

 What does your inside


What does your inside gateway think about the reachability of that source subnet?

Do they have any remote access VPN setup? Those could be from a VPN pool of addresses.

If not, you'll have to do a capture of the actual packets to trace down the originating MAC address and trace it from there.


CreatePlease to create content