Cisco Support Community
New Member

ASA5540 with a SSM20 and seeing 192.168.0.X addresses

On my SSM-20 I'm seeing a lot of traffic from a 192.168.0.X address. Obviously it's a scanner of some sort. I'm curious as to why the packet is even being passed to the SSM by the ASA. The ASA should be getting it from the "outside" interface and dropping it. I'm surprised it even gets as far as the SSM. Do I have a misconception on how the ASA handles this type of traffic? The ports are 0 for both the source and destination address.

3 REPLIES
Cisco Employee

Re: ASA5540 with a SSM20 and seeing 192.168.0.X addresses

Hmm, the source 192.168.x.x seems to be a private range. Is this traffic hitting from the inside interface? If yes, then it's normal for the ASA to pass it on to the SSM module, where it will eventually be dropped. However, there is no way the firewall would allow this packet from the outside interface. Can you set packet captures to determine this?

Which code on the ASA?

New Member

Re: ASA5540 with a SSM20 and seeing 192.168.0.X addresses

I'm on 7.2(2) with the ASA and 6.0.2 for the SSM. It is certainly coming in from the outside. I don't have that address range on the inside of my network. I'm just surprised that the ASA is even passing it on to the SSM before it is dropped.

Cisco Employee

Re: ASA5540 with a SSM20 and seeing 192.168.0.X addresses

Can you paste here what kind of traffic?

Do you see any connection entry or xlate entry for it?

sh conn detail | inc

sh xlate detail | inc
