Cisco Support Community

New Member

ASA 8.5.2

Got a new one for me. We've been having issues on an ASA that I have been investigating. We are running in routed mode. I have a single DMZ set up, plus an inside and an outside interface. I have been performing sniffs on the DMZ interface as we suspected compromised servers. These servers reside solely on the DMZ network, on VMs. On the DMZ interface I am seeing broadcasts/multicasts from the INSIDE interface. I verified my configuration but can't for the life of me understand how the heck I could be seeing that. Any ideas?

2 REPLIES
Super Bronze

Hi,

Do you have some switch network behind both the "inside" and "dmz" interfaces that are connected to each other somehow?

- Jouni

New Member

You might think. Nope... I separated the DMZ completely and know exactly what devices are on it: Netscaler and VM hosts. When I unplug the DMZ port on the ASA from the DMZ switch, I do not get the broadcasts, so it stands to reason that is the port for the source (not the MAC source, as it looks like it's simply bridged across). I even verified that we were running in routed mode...
