Can anyone give me more explanation on the following and is there anything I should be doing?:
<146>Mar 05 2012 11:37:06: %ASA-2-106016: Deny IP spoof from (0.1.0.4) to 0.1.0.4 on interface inside
Go the following from CISCO site:
Error Message %PIX|ASA-2-106016: Deny IP spoof from (IP_address) to IP_address on
Explanation The Cisco ASA discarded a packet with an invalid source address, which may include one of the following or some other invalid address:
•Loopback network (127.0.0.0)
•Broadcast (limited, net-directed, subnet-directed, and all-subnets-directed)
•The destination host (land.c)
To further enhance spoof packet detection, use the conduit command to configure the Cisco ASA to discard packets with source addresses belonging to the internal network. Now that the icmp command has been implemented, the conduit command has been deprecated and is no longer guaranteed to work properly.
Recommended Action Determine if an external user is trying to compromise the protected network. Check for misconfigured clients.
The ASA is doing its job, He is seeing a packet with a source ip address of 0.1.0.4, Should this be expected?????
I mean do you have a public subnet like 0.1.0.4 in the inside of your network ( behind the asa) because he is saying traffic from that ip address as a source going to the same ip address so it is kind of a strange situation.
I would say ASA is doing its job but I would need to have the answers of the previous mentioned questions..
Looking for some Networking Assistance?
Contact me directly at firstname.lastname@example.org
I will fix your problem ASAP.
Julio Carvajal Segura
We had this exact same problem occur. This worked for us: It seems a USB Camera created a new network connection with a description of "Microsoft TV/Video Connection" on one of our PC machines. This connection had an Autoconfiguration IP Address of 0.1.0.4. We tried to just right-click and disable it, but the system would not let us because it was using some resource.
So, we opened the TCP/IP properties, then the Advanced TCP/IP settings button, and under the DNS tab we unchecked the box for "Register this connection's addresses in DNS" and rebooted. The connection was no longer shown. This seems to have solved the issue.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...