Solved: Hi,

ruquantumcenter · ‎11-10-2016

Our ASA handles several external IP addresses via port-forwarding rules. ISP's router is configured to route all these IPs to our primary address. When internal clients access forwarded ports everything works as expected. However, when they try to access ports that are NOT forwarded the ASA sends alerts mentioned in subject. How can I avoid these particular alerts without reducing log levels generally?

Kanwaljeet Singh · ‎11-10-2016

Hi,

You can disable that particular message by:

(config)# no logging message 106016

Hope this helps!

Regards,

Kanwal

Note: Please mark answers if they are helpful.

View solution in original post

Kanwaljeet Singh · ‎11-10-2016

Hi,

You can disable that particular message by:

(config)# no logging message 106016

Hope this helps!

Regards,

Kanwal

Note: Please mark answers if they are helpful.

ruquantumcenter · ‎11-11-2016

Hello Kanwal, your answer was very useful because I was looking for solution in terms of access lists and routing tables and completely overlook this option.

Just for the record, the following also suppresses alerts without affecting any external or internal connectivity:

access-list wan-out extended deny ip any $secondary_addresses
access-list wan-out extended permit ip any any
access-group wan-out out interface wan

How to disable following ASA message? <162>%ASA-2-106016: Deny IP spoof from ($wan_primary) to $wan_secondary on interface wan