02-07-2008 01:02 PM - edited 03-09-2019 08:04 PM
On my SSM-20 I'm seeing a lot of traffic from a 192.168.0.X address. Obviously it's a scanner of some sort. I'm curious as to why the packet is even being passed to the SSM by the ASA. The ASA should be getting it from the "outside" interface and dropping it. I'm surprised it even gets as far as the SSM. Do I have a misconception on how the ASA handles this type of traffic? The ports are 0 for both the source and destination address.
02-12-2008 01:43 PM
hmm.. the source 192.168.x.x seems a private range..is this traffic hitting from inside interface ? if yes then its normal for ASA to pass it on to the SSM module where it will be eventually dropped, however there is no way firewall would allow this packet from outside interface..can you set packet captures to determine this
which code on ASA ?
02-14-2008 07:14 AM
I'm on 7.2(2) with the ASA and 6.0.2 for the SSM. It is certainly coming in from the outside. I don't have that address range on the inside of my network. I'm just surprised that the ASA is even passing it on to the SSM before it is dropped.
02-16-2008 10:11 AM
can you paste here what kind of traffic
do you see any connection entry or xlate entry for it ?
sh conn detail | inc
sh xlate detail | inc
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide