Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Troubleshoot Firewall IP Spoofing events on our Internal Network

I hope this is in the correct category - It involves our LAN and Routing/Troubleshooting.

My experience:

I have 15+ years computer, server and network support experience...but am by no means an expert. I've held my CCNA since 2001, but until the past 6 months, have never supported Cisco products on a full time basis as in my current position.

Our problem:

We have a network comprised of over 100 Cisco switches and routers, mostly utilizing 3750 model switches with approx. 1500 end-user systems in the field. We operate in a WAN environment, spread across approx. 20 miles. We utilize OSPF for routing.

Herein, I am referring to firewall responsibilities of our network.

Recent Firewall logs/reports have shown constant IP Spoofing events from our Firewall occurring on our Internal/LAN interface.

To the best of my ability, I believe some Wireless or other NICs on our network are improperly receiving Microsoft APIPA IP addresses (ie. 169.254.X.X) and as a result, are unable to route within our network - instead directed to our firewall and in turn, creating these unwanted events (hundreds upon hundreds per day).

Posting objective:

I am seeking suggestions/guidance on how I can troubleshoot, isolate and ultimately resolve these instances - if possible. How can I trace/back trace the originating source host of these incorrect IPs and their traffic?

And yes, I do have time to be proactive unlike past positions...so time is not too much a concern. However, methodology and isolation approach to resolving this problem is what I need assistance in.

Does anyone here happen to have experience in this or would anyone be able to provide some insight on how I can begin/proceed to troubleshoot this issue, with full access to all Cisco devices, even if it involves Port Mirroring and Packet Sniffing.

Any and all suggestions would be appreciated!.

I wish to thank you in advance for your assistance, as well as attention to my inquiry within!!!!

Kindest Regards.

1 REPLY
Silver

Re: Troubleshoot Firewall IP Spoofing events on our Internal Net

The Cisco IOS Firewall feature set combines existing Cisco IOS firewall technology and the new context-based access control (CBAC) feature. When you configure the Cisco IOS Firewall feature set on your Cisco router, you turn your router into an effective, robust firewall.

If you want to know more please click following URL:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/prod_release_note09186a0080080c54.html

221
Views
0
Helpful
1
Replies
CreatePlease to create content