
New Member

Impossible IP packet

We just configured a brand new router. The IDS portion of the router keeps firing on "Impossible IP packet". The source and destination addresses of the alert are the router's external IP address. Any ideas what might be causing this?

3 REPLIES
Gold

Re: Impossible IP packet

Grab a copy of the packet and post it. That should help identify.

New Member

Re: Impossible IP packet

I've seen this consistently when configuring GRE/IP tunnels. I ended up disabling the IPS signature.

Cisco Employee

Re: Impossible IP packet

If the IDS is presented a packet with the same IP address as both source and destination, that will trigger the "Impossible IP Packet" alarm. The signature was originally written to flag packets that should not be seen on a network, including things like source IP is a broadcast address... Normally a same IP source/dest packet would be processed on a host system's internal network loop and never be sent over the wire unless the host was misconfigured (we have seen misconfigured Linux hosts do this). With the embedding of IDS/IPS into network routing gear, it might be (apparently is) possible to have this happen in a legitimate configuration. Our suggestion would be to verify that your router config is correct and working the way you want it and if so, to either disable the signature or exclude the router's address from the alarm channel.
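The check described in the last reply, as an added sketch that is not part of the thread and is not Cisco's signature code: it reads the source and destination from a raw IPv4 header, flags the two conditions the reply names, and shows the effect of excluding the router's own address. The function names, the `excluded` parameter and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
import struct

BROADCAST = ipaddress.IPv4Address("255.255.255.255")

def build_ipv4_header(src, dst, proto=47):
    """Constructed sample input: a minimal 20-byte IPv4 header.
    proto 47 is GRE, the tunnel case mentioned in the thread; checksum is left 0."""
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def check_impossible(packet, excluded=()):
    """Return a reason string if the header matches the conditions described
    in the reply, or None if it does not (or the source is excluded)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    src = ipaddress.IPv4Address(packet[12:16])  # bytes 12-15: source address
    dst = ipaddress.IPv4Address(packet[16:20])  # bytes 16-19: destination address
    # Tuning option from the reply: exclude the router's own address
    # instead of disabling the signature outright.
    if src in {ipaddress.IPv4Address(a) for a in excluded}:
        return None
    if src == BROADCAST:
        return "source is a broadcast address"
    if src == dst:
        return "source equals destination"
    return None

if __name__ == "__main__":
    router = "192.0.2.1"  # hypothetical external address of the router
    samples = [
        build_ipv4_header(router, router),            # the case in the question
        build_ipv4_header("255.255.255.255", router),
        build_ipv4_header("198.51.100.7", router),    # ordinary traffic
    ]
    for pkt in samples:
        print("no exclusion:", check_impossible(pkt),
              "| router excluded:", check_impossible(pkt, excluded=[router]))
```

Excluding only the router's address keeps the signature active for every other host, which is the narrower of the two options the reply offers.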
