Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Deny ip Spoof


I'm using an ASA5510. I want enable VPN-Client Access, but there is always the Message: "Deny ip Spoof from (..) on Interface outside". I'm also not able to ping this device. ACL's are open and the command:

icmp permit any unreachable outside

icmp permit any outside

Could someone give me a solution?



Re: Deny ip Spoof

Hello reto,

what is the source of the spoof attack coming from ?? if it is one of these, then the PIX blocks all the spoof traffic by default, since thats the way it is supposed to work:

1) - loopback

2) broadcast address

3) land.c subnets - your same network...

If it is something else, we have to analyse what IP is that and see if it is required.. Are you not able to connect to the PIX outside at all from the internet ?? this should not be the case.. can you do a tracert and find out where it is dropping ?? Are there any other log messages on the PIX ?? Try going to internet through a laptop.. take the IP of that laptop and connect to PIX. see if there are any packets hitting the firewall with that laptop's IP ... am sure you can nail down the issue...

Hope this helps.. let us know..


CreatePlease to create content