
Deny UDP reverse path check from

I got so much of this log from my Cisco ASA:

Deny UDP reverse path check from 172.16.38.114 to 192.168.2.1 on interface outside

172.16.38.114 is on my inside interface.

192.168.2.1 <-- I don't know where this is; it is not in my enterprise LAN.

What causes this log?

How can I overcome it?

1 REPLY

Hi Ibrahim,

The ASA is just reporting that you are receiving a packet on an interface where it shouldn't be received, based on the routing table.

So if 172.16.38.114 is on your Inside, it is expected for the ASA to display that message if you are getting a packet with that source IP address on the Outside interface.

You would need to troubleshoot here why those packets are being received on the Outside in the first place. You can set some captures on the ASA Outside interface and then check the source MAC address in the packet in order to get a clue about what kind of device you are receiving those packets from.

If troubleshooting this gets complicated at the moment, you can remove the following command from the ASA and you won't see those logs anymore:

ip verify reverse-path interface outside

This is the command that enables the RPF check on the ASA.

I hope it helps!
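
Added example, not part of the thread and not Cisco code: a Python model of the reverse-path check the reply describes, run over log lines in the format quoted in the question, to show which sources arrive on an interface that does not match the route back to them. The routing table, the /24 prefix length, the default route and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: simplified routing table (prefix -> interface) modelled on the thread.
ROUTES = {
    "172.16.38.0/24": "inside",  # assumed prefix length for the poster's inside network
    "0.0.0.0/0": "outside",      # assumed default route
}

# Matches the message text quoted in the question, for any protocol.
LOG_RE = re.compile(
    r"Deny (?P<proto>\S+) reverse path check from (?P<src>\S+) "
    r"to (?P<dst>\S+) on interface (?P<ifc>\S+)"
)

def route_interface(ip, routes=ROUTES):
    """Longest-prefix match: the interface the firewall would use to reach ip."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in routes.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def rpf_pass(src, arrival_ifc, routes=ROUTES):
    """Reverse-path check: the route back to src must use the arrival interface."""
    return route_interface(src, routes) == arrival_ifc

def summarize(lines, routes=ROUTES):
    """Count denies per (source, destination, arrival interface, routed interface)."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            key = (m["src"], m["dst"], m["ifc"], route_interface(m["src"], routes))
            hits[key] += 1
    return hits

# Constructed sample lines in the format quoted in the question.
SAMPLE = [
    "Deny UDP reverse path check from 172.16.38.114 to 192.168.2.1 on interface outside",
    "Deny UDP reverse path check from 172.16.38.114 to 192.168.2.1 on interface outside",
    "Deny UDP reverse path check from 172.16.38.120 to 192.168.2.1 on interface outside",
    "Built inbound UDP connection 1 for outside:198.51.100.7/53",
]

if __name__ == "__main__":
    for (src, dst, seen, routed), n in summarize(SAMPLE).most_common():
        print(f"{n}x {src} -> {dst}: arrived on {seen}, route to source uses {routed}")
```

Grouping the denies this way shows whether one host or several are involved before a capture is set up to read the source MAC address.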


