ipsec UDP reverse path check

robert
Level 1

Hi,

ASA running 8.2(5).

When VPN clients connect with an IPsec VPN client configured as a zero tunnel route (0.0.0.0/0), the ASA logs the below:

Deny UDP reverse path check from 192.168.200.47 to 192.168.11.200 on interface HOSTING

192.168.200.0/24 is the subnet from which the IPsec clients get an IP address when connecting.

192.168.11.200 is in this case the client's own local subnet. Is it expected that the ASA box will log these messages from the clients' local subnet when they are connected with IPsec VPN and it is a zero tunnel configuration?

Interfaces and routes:

Current available interface(s):
  DATA-BACKUP     Name of interface Redundant1.10
  DMZ             Name of interface Redundant1.900
  GUEST           Name of interface Redundant1.990
  HOSTING         Name of interface Redundant1.100
  Infrastruktur   Name of interface Redundant1.20
  Intern          Name of interface Management0/0
  OUTSIDE-BACKUP  Name of interface Redundant1.998
  PHONE           Name of interface Redundant1.200
  SPECTRA-LAN     Name of interface Redundant1.50
  outside         Name of interface Ethernet0/3

Gateway of last resort is 1.2.3.4 to network 0.0.0.0

C    172.31.0.0 255.255.255.0 is directly connected, DMZ
S    192.168.200.46 255.255.255.255 [1/0] via 1.2.3.4, outside
S    192.168.200.47 255.255.255.255 [1/0] via 1.2.3.4, outside
S    VPN-hosting 255.255.255.0 [1/0] via 192.168.200.1, outside
C    93.167.197.80 255.255.255.240 is directly connected, outside
S    10.100.110.0 255.255.255.0 [1/0] via 10.100.110.1, outside
C    10.10.10.0 255.255.255.0 is directly connected, GUEST
C    10.100.100.0 255.255.255.0 is directly connected, Intern
S    10.100.101.0 255.255.255.0 [5/0] via 10.100.100.252, Intern
S    10.100.0.0 255.255.0.0 [10/0] via 10.100.100.252, Intern
C    10.200.100.0 255.255.252.0 is directly connected, PHONE
C    10.199.1.0 255.255.255.0 is directly connected, Infrastruktur
C    10.199.0.0 255.255.255.0 is directly connected, DATA-BACKUP
C    192.168.254.0 255.255.255.0 is directly connected, HOSTING
S*   0.0.0.0 0.0.0.0 [1/0] via 1.2.3.4, outside
S    192.168.0.0 255.255.0.0 [5/0] via 192.168.254.1, HOSTING

Regards

Robert

Accepted Solution

Jennifer Halim
Cisco Employee

Yes, because you haven't configured split tunneling, all traffic, including the local VPN client subnet, will also be routed through the VPN tunnel. If your VPN clients need to access their own local LAN while connected to the VPN tunnel, then you would need to configure split tunneling.

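To see why the routing table above produces that log line, here is an added example (not from the thread or from Cisco) that simulates the lookup behind a reverse path check: the source address of a packet is resolved with longest-prefix match, and the packet passes only if the resulting interface is the one it was seen on. The routes are transcribed from Robert's post; the named object VPN-hosting is assumed to be 192.168.200.0/24, as his description suggests.

```python
# Added example, not the thread's own code. Simulates the ASA's reverse
# path (anti-spoofing) check over the routing table posted in the thread.
import ipaddress

# (network, interface) pairs transcribed from the posted routing table.
# "VPN-hosting" is a named object in the post; 192.168.200.0/24 is assumed.
ROUTES = [
    ("172.31.0.0/24", "DMZ"),
    ("192.168.200.46/32", "outside"),
    ("192.168.200.47/32", "outside"),
    ("192.168.200.0/24", "outside"),   # VPN-hosting object (assumed value)
    ("93.167.197.80/28", "outside"),
    ("10.100.110.0/24", "outside"),
    ("10.10.10.0/24", "GUEST"),
    ("10.100.100.0/24", "Intern"),
    ("10.100.101.0/24", "Intern"),
    ("10.100.0.0/16", "Intern"),
    ("10.200.100.0/22", "PHONE"),
    ("10.199.1.0/24", "Infrastruktur"),
    ("10.199.0.0/24", "DATA-BACKUP"),
    ("192.168.254.0/24", "HOSTING"),
    ("0.0.0.0/0", "outside"),          # gateway of last resort
    ("192.168.0.0/16", "HOSTING"),
]
TABLE = [(ipaddress.ip_network(net), iface) for net, iface in ROUTES]


def lookup(addr):
    """Longest-prefix match: the interface the ASA would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, iface) for net, iface in TABLE if ip in net]
    net, iface = max(matches, key=lambda m: m[0].prefixlen)
    return iface


def rpf_check(src, ingress):
    """Reverse path check: the source address must route back out the
    interface the packet arrived on. Returns (passes, explanation)."""
    expected = lookup(src)
    if expected == ingress:
        return True, f"{src} on {ingress}: ok"
    return False, (f"Deny reverse path check from {src} on interface "
                   f"{ingress} (route to source points to {expected})")


if __name__ == "__main__":
    # The VPN client address has a /32 route via 'outside', so any packet
    # with that source seen on HOSTING is dropped and logged, as in the post.
    print(rpf_check("192.168.200.47", "HOSTING"))
    # A host on the directly connected HOSTING subnet passes the check.
    print(rpf_check("192.168.254.10", "HOSTING"))
```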

Replies

Thanks.

Robert
