Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Deny IP due to Land Attack from publicip to publicip

I have a web app that plays mp3's from one account on the server (website) on another account on the server, when this is attempted, I get

Deny IP due to Land Attack from {publicip} to {publicip}

I know and understand the error, I found it on the support pages, I understand that its becuase the source and destination are the same, but can anyone tell me how to allow this particular thing? Is this just a access rule? how do you set that up?

VIP Purple

Re: Deny IP due to Land Attack from publicip to publicip

that's probably a misconfiguration on the server. Your ASA should never see that traffic as it shound stay locally on the server.

Sent from Cisco Technical Support iPad App

Don't stop after you've improved your network! Improve the world by lending money to the working poor:
New Member

Re: Deny IP due to Land Attack from publicip to publicip

Any Suggestions?

Here is what I'm trying to do.

I have an mp3 player that looks in a specific directory for files, it then plays those files and the playlist, it autodiscovers what is in the folder.

There are four websites on this server, one of them is the main, and the other three have the players, the person that uploads the mp3's doesn't want to upload them four times, so they upload them to one website, then the other three websites use a php file to read the folder from the other accounts.

Right now the player works, and the playlist shows up, but the mp3's do not play.

The firewall gives me the land attack in the syslog, but I'm not exactly sure how to allow this to happen. I do have openbas_dir open on these accounts in the server, so I'm not sure why it wouldn't work after the firewall was installed.

Just looking for options, if you have any.

Re: Deny IP due to Land Attack from publicip to publicip

Hello Spin,

The ASA will never allow this traffic as source and destination IP address is the same,

You will need to change the settings on the server in such a way that the traffic goes to the private IP address of the server so it never needs to reach the ASA,

Do you follow me?

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.

Any question contact me at


Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CreatePlease login to create content