Cisco Support Community
New Member

Firewall log interpretation.

Hello All,

I just installed my ASA 5505 and the firewall log showed that it denied a connection from IP address 74.9.151.50 every second. Please see the attached file.

What does the log message indicate, and how do I stop IP address 74.9.151.50 from attacking my ASA?

Thank you for your help!!

5 REPLIES
New Member

Re: Firewall log interpretation.

Do you have an ICMP policy configured on your ASA?

Try the following to check:

sh run | grep icmp

New Member

Re: Firewall log interpretation.

Thanks,

Here is the output:

ASA-ST# sh run | grep icmp

icmp unreachable rate-limit 1 burst-size 1

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

New Member

Re: Firewall log interpretation.

The ICMP type and code are the clue here: type 11, code 0 = Time to Live exceeded in transit.

This generally points to a routing loop in a path to a particular host. However, these blocked packets could be response packets to an outbound traceroute test.

New Member

Re: Firewall log interpretation.

Thanks again,

What would you recommend?

New Member

Re: Firewall log interpretation.

Well, I would check to see if someone was trying a traceroute test at the time.

It all depends on whether you want to allow traceroutes out of your network. If not, do nothing; your firewall is working as it should.

If you do, you will need to allow the ICMP packets back into your network using an ACL.
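One way to do what the last reply describes, as an added example that is not from this thread, assuming the ASA's outside interface is named outside and using an assumed ACL name OUTSIDE_IN:

```cisco
! Option A: explicitly permit only the ICMP error types that an outbound
! traceroute relies on. Type 11 (time-exceeded) is what the denied
! packets in this thread are; type 3 (unreachable) marks the final hop.
! Echo requests from the Internet stay blocked.
access-list OUTSIDE_IN extended permit icmp any any time-exceeded
access-list OUTSIDE_IN extended permit icmp any any unreachable
access-group OUTSIDE_IN in interface outside

! Option B (instead of A): let the ASA track ICMP statefully, so only
! error messages that match a session the inside started are allowed
! back in, and nothing unsolicited from 74.9.151.50 gets through.
policy-map global_policy
 class inspection_default
  inspect icmp
  inspect icmp error
```

After either change, re-run sh run | grep icmp and watch the log: time-exceeded packets that still appear as denies when nobody is running traceroute point back to the routing-loop explanation in the earlier reply.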
