Cisco Support Community

New Member

Deny TCP Reverse Path Check

I have a PIX 506E and I get ~20/sec of these messages. The message is: Deny tcp src outside:xxx.xxx.xxx.xxx/29977 dst inside:yyy.yyy.yyy.yyy/25 by access-group "OUTSIDE_ACCESS_IN"

Where yyy.yyy.yyy.yyy is my webserver. I realize that this means it's being blocked, but it's becoming a DoS due to the high number. They are coming from many different external IP addresses.

2 REPLIES
Cisco Employee

Re: Deny TCP Reverse Path Check

Syslog message 106023 simply indicates that the firewall has denied a packet based on the src/dest in the syslog itself.

What I would be asking is why are so many different external servers trying to send email (TCP/25) to my web server? Is your web server an email server as well? Is your web server listed with an MX entry in DNS for your domain? If so, why are you not allowing other mail servers to send email to it?
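To answer the question above from the logs themselves, the following added example (not part of the original thread and not Cisco code) groups 106023 denies by destination and port and counts distinct sources, which separates one noisy host from many hosts hitting the same closed port. The log lines, addresses and the `summarize` helper are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Matches the 106023 body quoted in the post; accepts access-group or access_group.
DENY_RE = re.compile(
    r'Deny (?P<proto>\S+) src (?P<sif>[^:\s]+):(?P<src>[^/\s]+)/(?P<sport>\d+) '
    r'dst (?P<dif>[^:\s]+):(?P<dst>[^/\s]+)/(?P<dport>\d+) '
    r'by access[-_]group "?(?P<acl>[^"\s]+)"?'
)

# Constructed sample input using documentation address ranges (not from the thread).
SAMPLE_LOG = """\
Mar 10 12:00:01 pix %PIX-4-106023: Deny tcp src outside:203.0.113.5/29977 dst inside:192.0.2.10/25 by access-group "OUTSIDE_ACCESS_IN"
Mar 10 12:00:01 pix %PIX-4-106023: Deny tcp src outside:203.0.113.77/41022 dst inside:192.0.2.10/25 by access-group "OUTSIDE_ACCESS_IN"
Mar 10 12:00:01 pix %PIX-4-106023: Deny tcp src outside:198.51.100.23/1093 dst inside:192.0.2.10/25 by access-group "OUTSIDE_ACCESS_IN"
Mar 10 12:00:02 pix (unrelated message, constructed)
Mar 10 12:00:02 pix %PIX-4-106023: Deny tcp src outside:203.0.113.5/29978 dst inside:192.0.2.10/25 by access-group "OUTSIDE_ACCESS_IN"
Mar 10 12:00:02 pix %PIX-4-106023: Deny tcp src outside:198.51.100.23/1094 dst inside:192.0.2.10/445 by access-group "OUTSIDE_ACCESS_IN"
"""

def summarize(log_text):
    """Return (report, skipped): denies and distinct sources per (proto, dst, dport)."""
    hits = Counter()
    sources = defaultdict(set)
    skipped = 0
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            # Anything that is not a src/dst-with-ports deny line is only counted.
            skipped += 1
            continue
        key = (m['proto'], m['dst'], int(m['dport']))
        hits[key] += 1
        sources[key].add(m['src'])
    report = [
        {'proto': p, 'dst': d, 'dport': dp, 'denies': n,
         'distinct_sources': len(sources[(p, d, dp)])}
        for (p, d, dp), n in hits.most_common()
    ]
    return report, skipped

if __name__ == '__main__':
    rows, skipped = summarize(SAMPLE_LOG)
    for row in rows:
        print(row)
    print('lines skipped:', skipped)
```

A high deny count with a high distinct-source count on a single port, as in the constructed TCP/25 rows, is the pattern the original poster describes.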

New Member

Re: Deny TCP Reverse Path Check

Thank you for the response.

My web server is not an email server, and our external DNS MX record doesn't point to the webserver. The only traffic allowed by my ACL is port 80.

I feel that we are being attacked, and I have tried tracing the IP addresses and reporting them, but so far I haven't succeeded with any.
