Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

blocked packets destined to 169.254.196.189

All,

I am seeing quite a few of the following denied message logs:

Deny udp src inside:10.1.2.166/137 dst outside:169.254.196.189/137 by access-group "inside_access_in"

169.254.196.189 is a well known address. Why would a machine be trying to send to that address?

T.

4 REPLIES
Community Member

Re: blocked packets destined to 169.254.196.189

Hi,

You may want to try to do a packet capture from the paticular source ip 10.1.2.166 to the destination 169.254.196.189. THis way you will see what kind of traffic is being sent / received. once you know this you can analyze

Community Member

Re: blocked packets destined to 169.254.196.189

can you also check if you have any acl's blocking the flow.

Community Member

Re: blocked packets destined to 169.254.196.189

My problem is not that the flow is blocked. The problem is that 169.254.196.189 is a non-routed IP that is given by windows when a system doesn't have an IP address configured (or cannot get a DHCP address). So, why is host 10.1.2.136 trying to send traffic to that IP?

Re: blocked packets destined to 169.254.196.189

Occasionally a device gets the 169 address (usually failed DHCP), but once it gets a valid IP it registers to DNS with the 169 address. Check your DNS table and make sure there are no 169 addresses. In this case 10.1.2.136 queries DNS to lookup the IP for SERVER1. DNS reports back 169 and it then goes out the default gateway and you see the drops. It's a long shot, but it does happen!

247
Views
0
Helpful
4
Replies
CreatePlease to create content