When I enable ip spoofing on my network interfaces I see this getting logged:
Deny UDP reverse path check from 10.100.100.102 to 10.100.100.255 on interface SPECTRA-LAN
This is because interface SPECTRA-LAN (VLAN50) is the interface connected to the network with IP 10.100.100.0/24, but the interface does not have an IP address, so it does not exist in the routing table, I believe?
However, interface INTERN also belongs to network 10.100.100.0/24, which is also the management interface and the default route for hosts in network 10.100.100.0/24, but has no VLAN.
How do I solve this?
1. Move the management0/0 to SPECTRA-LAN and give SPECTRA-LAN IP 10.100.100.1?
2. Give SPECTRA-LAN an IP address in the 10.100.100.0 range?
3. or ??
My routing table and interface list are:
Current available interface(s):
DATA-BACKUP Name of interface Redundant1.10
DMZ Name of interface Redundant1.900
GUEST Name of interface Redundant1.990
HOSTING Name of interface Redundant1.100
Infrastruktur Name of interface Redundant1.20
Intern Name of interface Management0/0
OUTSIDE-BACKUP Name of interface Redundant1.998
PHONE Name of interface Redundant1.200
SPECTRA-LAN Name of interface Redundant1.50
outside Name of interface Ethernet0/3
Gateway of last resort is 220.127.116.11 to network 0.0.0.0
C 172.31.0.0 255.255.255.0 is directly connected, DMZ
S 192.168.200.46 255.255.255.255 [1/0] via 18.104.22.168, outside
S 192.168.200.47 255.255.255.255 [1/0] via 22.214.171.124, outside
S VPN-hosting 255.255.255.0 [1/0] via 192.168.200.1, outside
C 126.96.36.199 255.255.255.240 is directly connected, outside
S 10.100.110.0 255.255.255.0 [1/0] via 10.100.110.1, outside
C 10.10.10.0 255.255.255.0 is directly connected, GUEST
C 10.100.100.0 255.255.255.0 is directly connected, Intern
S 10.100.101.0 255.255.255.0 [5/0] via 10.100.100.252, Intern
S 10.100.0.0 255.255.0.0 [10/0] via 10.100.100.252, Intern
C 10.200.100.0 255.255.252.0 is directly connected, PHONE
C 10.199.1.0 255.255.255.0 is directly connected, Infrastruktur
C 10.199.0.0 255.255.255.0 is directly connected, DATA-BACKUP
C 192.168.254.0 255.255.255.0 is directly connected, HOSTING
S* 0.0.0.0 0.0.0.0 [1/0] via 188.8.131.52, outside
S 192.168.0.0 255.255.0.0 [5/0] via 192.168.254.1, HOSTING
The reason why you are seeing that error message is that 10.100.100.102 is connected to the wrong subnet/VLAN. It should have been connected to the Intern subnet/VLAN; however, it has been incorrectly assigned/connected to the SPECTRA-LAN subnet.
Just configure 10.100.100.102 host correctly by assigning it to the correct VLAN, and you won't have that error anymore.
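Added example, not part of the thread and not Cisco code: a Python sketch that replays the reverse path check for the logged packet against a subset of the routing table quoted in the question. It assumes the check compares the ingress interface with the longest-prefix route back to the source address; the function names are illustrative.

```python
import ipaddress
import re

# Subset of the "show route" output quoted in the question.
SHOW_ROUTE = """\
C 172.31.0.0 255.255.255.0 is directly connected, DMZ
S VPN-hosting 255.255.255.0 [1/0] via 192.168.200.1, outside
C 10.10.10.0 255.255.255.0 is directly connected, GUEST
C 10.100.100.0 255.255.255.0 is directly connected, Intern
S 10.100.101.0 255.255.255.0 [5/0] via 10.100.100.252, Intern
S 10.100.0.0 255.255.0.0 [10/0] via 10.100.100.252, Intern
C 10.200.100.0 255.255.252.0 is directly connected, PHONE
S* 0.0.0.0 0.0.0.0 [1/0] via 188.8.131.52, outside
"""
# Log line quoted in the question.
LOG = ("Deny UDP reverse path check from 10.100.100.102 "
       "to 10.100.100.255 on interface SPECTRA-LAN")

def parse_routes(text):
    """Return [(network, interface)] for every route with a numeric prefix."""
    routes = []
    for line in text.splitlines():
        m = re.match(r"\S+\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s.*,\s*(\S+)$", line)
        if not m:
            continue
        try:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        except ValueError:  # named network object such as VPN-hosting
            continue
        routes.append((net, m.group(3)))
    return routes

def route_interface(src, routes):
    """Longest-prefix match: interface the table would use to reach src."""
    hits = [(n, i) for n, i in routes if ipaddress.ip_address(src) in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def explain_deny(log_line, routes):
    """Parse a reverse-path deny and report ingress vs. routed interface."""
    m = re.search(r"reverse path check from (\S+) to (\S+) on interface (\S+)",
                  log_line)
    src, _dst, ingress = m.groups()
    expected = route_interface(src, routes)
    return {"src": src, "ingress": ingress, "expected": expected,
            "passes": expected == ingress}

if __name__ == "__main__":
    print(explain_deny(LOG, parse_routes(SHOW_ROUTE)))
```

For the logged packet the routed interface is Intern while the ingress interface is SPECTRA-LAN, which is the mismatch the deny message reports.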
Redundant1.50 interface = security level 100 = SPECTRA-LAN = vlan50 (no ip address)
Subnet 10.100.100.0/24 must belong to vlan50.
Redundant1 is ethernet0/0 and ethernet0/1. Configuration allows communication between interfaces with same security level. All acl policies from subnet 10.100.100.0/24 is bound to interface and acl from allows all traffic to any less secure network.
I'm currently not sure how the physical cabling is connected, but I'll have to look, as it seems traffic from subnet 10.100.100.0/24 can come in from both management0/0 and the redundant interfaces eth0/0 + eth0/1?