Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA enormous log %ASA-3-313001:

ASA enormous log about %ASA-3-313001:

show log output:

Aug 15 2014 11:27:40: %ASA-3-313001: Denied ICMP type=5, code=0 from 172.19.10.8 on interface Trust
Aug 15 2014 11:27:40: %ASA-3-313001: Denied ICMP type=5, code=0 from 172.19.9.38 on interface Trust
Aug 15 2014 11:27:40: %ASA-3-313001: Denied ICMP type=5, code=0 from 172.19.9.27 on interface Trust
Aug 15 2014 11:27:40: %ASA-3-313001: Denied ICMP type=5, code=0 from 172.19.9.39 on interface Trust
Aug 15 2014 11:27:40: %ASA-3-313001: Denied ICMP type=5, code=0 from 172.19.9.13 on interface Trust
Aug 15 2014 11:27:40: %ASA-3-313001: Denied ICMP type=5, code=0 from 172.19.10.60 on interface Trust
Aug 15 2014 11:27:50: %ASA-3-313001: Denied ICMP type=5, code=0 from 172.19.9.38 on interface Trust
Aug 15 2014 11:27:50: %ASA-3-313001: Denied ICMP type=5, code=0 from 172.19.10.8 on interface Trust
Aug 15 2014 11:27:50: %ASA-3-313001: Denied ICMP type=5, code=0 from 172.19.9.27 on interface Trust
Aug 15 2014 11:27:55: %ASA-3-313001: Denied ICMP type=5, code=0 from 172.19.10.8 on interface Trust
Aug 15 2014 11:27:55: %ASA-3-313001: Denied ICMP type=5, code=0 from 172.19.9.38 on interface Trust
Aug 15 2014 11:27:55: %ASA-3-313001: Denied ICMP type=5, code=0 from 172.19.9.27 on interface Trust

 

show run icmp output:

icmp permit any Trust

 

 

4 REPLIES
Community Member

This message generate every 5

This message generate every 5 seconds.

VIP Purple

These are redirects which are

These are redirects which are not allowed on the ASA. Probably you have choosen a network-layout that does not fit the need of the ASA. The old rule "the ASA is not a router" is still valid. Another possibility is just misconfigured routing. Please share a network-diagram and your routing-config.

Community Member

Hi, Lwen. The topology is

Hi, Lwen. 

The topology is quite simple, the ASA is just the gateway of 172.19.9/10.0. I managed to configure "icmp permit any redirect Trust". but it did not work. I am quite confuse about this log

VIP Purple

As far as I remember, the ASA

As far as I remember, the ASA doesn't allow redirects regardless what you configure. But at least there should be an internal router for one or more of the additional subnets? Again: A diagram and the config would help.

804
Views
0
Helpful
4
Replies
CreatePlease to create content