Cisco Support Community
New Member

traffic hit subnet address

When I looked at the log of our DMZ ASA, I found a lot of 443 traffic hit a subnet IP address, 1XX.XX.3.0 and the length is 24. I am just wondering, what traffic it can be?

Thanks,

Han

7 REPLIES
Cisco Employee

Re: traffic hit subnet address

They are probably HTTPS session initiation (TCP SYN) packets, especially if the destination IP address was an HTTP server.

What exactly did your logs show? Were they destined to the internal ip on that port?

I hope it helps.

PK

New Member

Re: traffic hit subnet address

6  Nov 16 2010  15:31:34  106100  1XX.X.X.21  2576  1XX.XX.3.0  443  access-list outside permitted tcp outside/1XX.X.X.21(2576) -> inside/1XX.XX.3.0(443) hit-cnt 1 first hit [0xbbc8eafa, 0x0]

Here you go,

thanks,

Cisco Employee

Re: traffic hit subnet address

Is 1XX.XX.3.0 a subnet or a host for your internal network? Check what that IP translates to on the ASA.

But it seems like an HTTPS packet to 1XX.XX.3.0. You can capture it on the outside if you want using the capture command, just to make sure.

PK

New Member

Re: traffic hit subnet address

It is a subnet.

Cisco Employee

Re: traffic hit subnet address

Is your outside ACL allowing private ip packets?

Is this 8.3 and the ACL is allowing packets to the whole inside subnet?

PK

New Member

Re: traffic hit subnet address

"Is your outside ACL allowing private ip packets?"===How can I know it?

"Is this 8.3" ====

Cisco Adaptive Security Appliance Software Version 8.2(2)
Device Manager Version 6.2(5)53

"is the ACL is allowing packets to the whole inside subnet?"

What makes you think of this?

thanks,

Cisco Employee

Re: traffic hit subnet address

I was suggesting to check if there is a rule that says "permit xxxx ".

PK
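
Added example, not part of the thread: a log review sketch that finds permitted flows whose destination is the network or broadcast address of an inside subnet, which is the symptom a subnet-wide permit rule produces. The sample lines, the 198.51.100.0/24 inside subnet and the function names are constructed assumptions; the message layout follows the log line quoted in the thread.

```python
import ipaddress
import re

# Description part of the access-list log message, as quoted in the thread.
LOG_RE = re.compile(
    r"access-list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) "
    r"[^/\s]+/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"[^/\s]+/(?P<dst>[\d.]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = """\
access-list outside permitted tcp outside/192.0.2.21(2576) -> inside/198.51.100.0(443) hit-cnt 1 first hit [0xbbc8eafa, 0x0]
access-list outside permitted tcp outside/192.0.2.21(2577) -> inside/198.51.100.10(443) hit-cnt 3 300-second interval [0xbbc8eafa, 0x0]
access-list outside denied tcp outside/203.0.113.7(4000) -> inside/198.51.100.255(443) hit-cnt 1 first hit [0x11223344, 0x0]
access-list outside permitted udp outside/203.0.113.7(53) -> inside/198.51.100.255(53) hit-cnt 2 first hit [0x55667788, 0x0]
"""
INSIDE_SUBNETS = [ipaddress.ip_network("198.51.100.0/24")]  # assumed inside /24

def classify(dst, subnets):
    """Return 'network' or 'broadcast' if dst is a non-host address, else None."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return None
    for net in subnets:
        if net.prefixlen >= 31:  # /31 and /32 have no separate network/broadcast
            continue
        if addr == net.network_address:
            return "network"
        if addr == net.broadcast_address:
            return "broadcast"
    return None

def find_non_host_permits(log_text, subnets):
    """List permitted flows whose destination is a subnet or broadcast address."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m["action"] != "permitted":
            continue
        kind = classify(m["dst"], subnets)
        if kind:
            findings.append((m["acl"], m["proto"], m["src"], m["dst"],
                             int(m["dport"]), kind, int(m["hits"])))
    return findings

if __name__ == "__main__":
    for finding in find_non_host_permits(SAMPLE_LOG, INSIDE_SUBNETS):
        print(finding)
```

Each finding names the ACL that permitted the flow, so the matching rule can then be reviewed for a destination that covers the whole subnet instead of specific hosts.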
