Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2652
Views
0
Helpful
3
Replies

Deny IP Spoof logs on ASA

shanilkumar2003
Level 1
Level 1

‎03-10-2012 09:57 PM - edited ‎03-11-2019 03:40 PM

Hi

Iam getting frequent logs of "Deny IP Spoof" in my ASA . All logs indicating Spoofing from Primary to Secondary address ,below 172.16.15.3 is my primary and 172.16.15.4 is my secondary ip address of DMZ in Active/Active failover.

%ASA-2-106016: Deny IP spoof from (172.16.15.3) to 172.16.15.4 on interface partners

%ASA-2-106016: Deny IP spoof from (192.168.0.1) to 192.168.0.2 on interface inside

interface GigabitEthernet0/0.200

mac-address 000c.f242.4abc standby 020c.f242.4abc

nameif partners

security-level 10

ip address 172.16.15.3 255.255.255.0 standby 172.16.15.4

interface GigabitEthernet0/1

mac-address 000c.f542.4abc standby 020c.f542.4abc

nameif inside

security-level 100

ip address 192.168.0.1 255.255.255.224 standby 192.168.0.2

Appreciate your help to findout any real attack is there or this logs is due to any default behaviour.

Thanks in Advance..

Shanil

Labels:
0 Helpful
3 Replies 3

sean_evershed
Level 7
Level 7

‎03-11-2012 01:22 AM

Hi, I wonder if the two firewalls are out of synch?

Can you post the output of show failover for both firewalls?

0 Helpful

shanilkumar2003
Level 1
Level 1
In response to sean_evershed

‎03-11-2012 09:55 AM

Hi

Please find below

FW01/Rack1# sh failover
Failover On
Last Failover at: 08:04:39 UTC Nov 18 2011
        This context: Active
                Active time: 9858841 (sec)
                  Interface outside (194.170.210.62): Normal (Waiting)
                  Interface partners (172.16.15.3): Normal (Waiting)
                  Interface inside (192.168.0.1): Normal (Waiting)
                  Interface serverdmz (172.16.11.1): Normal (Waiting)
                  Interface cardsdmz (172.16.21.1): Normal (Waiting)
        Peer context: Standby Ready
                Active time: 3161 (sec)
                  Interface outside (194.170.210.63): Normal (Waiting)
                  Interface partners (172.16.15.4): Normal (Waiting)
                  Interface inside (192.168.0.2): Normal (Waiting)
                  Interface serverdmz (172.16.11.5): Normal (Waiting)
                  Interface cardsdmz (172.16.21.3): Normal (Waiting)

Stateful Failover Logical Update Statistics
        Status: Configured.
        Stateful Obj    xmit       xerr       rcv        rerr     
        RPC services    0          0          0          0        
        TCP conn        342767375  0          67992      0        
        UDP conn        257237565  0          64032      0        
        ARP tbl         74273889   0          2023       0        
        Xlate_Timeout   0          0          0          0        
        IPv6 ND tbl     0          0          0          0        
        SIP Session     921        0          0          0

FW01/Rack2# sh failover
Failover On
Last Failover at: 06:54:34 UTC Nov 18 2011
        This context: Active
                Active time: 9858983 (sec)
                  Interface outside (194.170.210.64): Normal (Waiting)
                  Interface partners (172.16.15.1): Normal (Waiting)
                  Interface inside (192.168.0.9): Normal (Waiting)
                  Interface serverdmz (172.16.11.251): Normal (Waiting)
                  Interface cardsdmz (172.16.21.4): Normal (Waiting)
        Peer context: Standby Ready
                Active time: 3356 (sec)
                  Interface outside (194.170.210.65): Normal (Waiting)
                  Interface partners (172.16.15.2): Normal (Waiting)
                  Interface inside (192.168.0.10): Normal (Waiting)
                  Interface serverdmz (172.16.11.252): Normal (Waiting)
                  Interface cardsdmz (172.16.21.5): Normal (Waiting)

Stateful Failover Logical Update Statistics
        Status: Configured.
        Stateful Obj    xmit       xerr       rcv        rerr     
        RPC services    0          0          0          0        
        TCP conn        52946971   0          3928       1        
        UDP conn        34474743   0          4409       0        
        ARP tbl         68800471   0          150        0        
        Xlate_Timeout   0          0          0          0        
        IPv6 ND tbl     0          0          0          0        
        SIP Session     284        0          0          0   

0 Helpful

shanilkumar2003
Level 1
Level 1
In response to shanilkumar2003

‎03-17-2012 03:03 AM

Appreciate your help

Thanks

Shanil

Sent from Cisco Technical Support iPhone App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card