PIX-1-106021: Deny TCP reverse path check from 192.168.0.150 to 192.168.0.250 on interface dmz
106021: Someone is attempting to spoof an IP address on an inbound connection. Unicast Reverse Path Forwarding (Unicast RPF), also known as reverse route lookup, detected a packet that does not have a source address represented by a route and assumes that it is part of an attack on your firewall.
but extraly, we have virtual ip with netscaler in the dmz, then do http://virtual ip address, from 192.168.0.150, phisical server ip is 192.168.0.250. How to fix or disable Unicast Reverse Path Forwarding? if disable, what is happend?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...