Cisco Support Community
IP Spoofing ASA

Hi,

I am new to this field.

Kindly suggest how to enable IP spoofing on ASA.

Regards,

MItesh Manwtakar

3 REPLIES

I don't think you can get an ASA to spoof, though it will do proxy-arp for addresses which are in use for NAT.  To allow clients to spoof 1-way through an ASA, you would have to turn off "ip verify reverse-path" on the interface receiving the spoofed packets.  Obviously you won't get any reply traffic.

If you can describe what you are trying to do in more detail, we might be able to offer better advice.

-- Jim Leinweber, WI State Lab of Hygiene

Hi,

Thanks... I just wanted to understand how it works in ASA.

Regards.

I want to know why I am getting the below logs on my ASA 5585 SSP-60:

Sep 10 2014 22:49:38 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 213.199.179.166 on interface ByteMobile_Traffic
Sep 10 2014 22:49:38 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 157.55.235.173 on interface ByteMobile_Traffic
Sep 10 2014 22:49:38 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 157.55.130.173 on interface ByteMobile_Traffic
Sep 10 2014 22:49:38 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 64.4.23.157 on interface ByteMobile_Traffic
Sep 10 2014 22:49:38 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface ByteMobile_Traffic
Sep 10 2014 22:49:41 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 65.55.223.17 on interface ByteMobile_Traffic
Sep 10 2014 22:49:41 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 213.199.179.166 on interface ByteMobile_Traffic
Sep 10 2014 22:49:41 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 157.55.130.173 on interface ByteMobile_Traffic
Sep 10 2014 22:49:41 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 157.55.235.146 on interface ByteMobile_Traffic
Sep 10 2014 22:49:41 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 111.221.77.150 on interface ByteMobile_Traffic
Sep 10 2014 22:49:41 GIFRCHN01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 157.55.235.173 on interface ByteMobile_Traffic

I know the reasons for these denials by the IPS signature, but I want to know why I am getting traffic with an unknown source address. ByteMobile_Traffic is my inside interface with security level 100, and the traffic is also coming from another inside interface towards this ByteMobile_Traffic interface.
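
One way to tally %ASA-2-106016 denials like the ones quoted in the post above by interface, source and destination, so the destinations that the 0.0.0.0-sourced packets are aimed at stand out. This is an added example, not part of the original thread; the sample lines, the hostname `fw01`, the interface `inside_a` and the helper names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Message layout as it appears in the log lines quoted in the post above.
SPOOF_RE = re.compile(
    r"%ASA-2-106016: Deny IP spoof from \((?P<src>[0-9.]+)\) "
    r"to (?P<dst>[0-9.]+) on interface (?P<ifc>\S+)"
)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: three 106016 lines in the post's format (documentation
# and RFC 1918 addresses only) plus one unrelated line that must be skipped.
SAMPLE = """\
Sep 10 2014 22:49:38 fw01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 203.0.113.10 on interface inside_a
Sep 10 2014 22:49:38 fw01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface inside_a
Sep 10 2014 22:49:41 fw01 : %ASA-2-106016: Deny IP spoof from (0.0.0.0) to 203.0.113.10 on interface inside_a
Sep 10 2014 22:49:42 fw01 : unrelated message (constructed filler line)
"""

def parse_spoof_lines(text):
    """Yield (src, dst, interface) for each 106016 line; skip everything else."""
    for line in text.splitlines():
        m = SPOOF_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # digits and dots that do not form a valid IPv4 address
        yield src, dst, m["ifc"]

def summarize(text):
    """Count denials per (interface, source, destination) and per destination scope."""
    flows, scope, unspecified = Counter(), Counter(), 0
    for src, dst, ifc in parse_spoof_lines(text):
        flows[(ifc, str(src), str(dst))] += 1
        scope["rfc1918" if any(dst in net for net in RFC1918) else "other"] += 1
        unspecified += int(src.is_unspecified)  # source 0.0.0.0, as in the post
    return {"flows": flows, "dst_scope": scope, "unspecified_src": unspecified}

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for (ifc, src, dst), n in result["flows"].most_common():
        print(f"{n:3d}  {ifc}  {src} -> {dst}")
    print(dict(result["dst_scope"]), "unspecified source:", result["unspecified_src"])
```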
