Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Deny udp reverse path check

I am a lot of of Deny udp reverse path check messages on my PIX from multiple IP sources to on interface outside. I can not figure out what is causing it and how find more info.

Any tips, help or info would greatly be appreicated.



New Member

Re: Deny udp reverse path check

Hello Joel

A tip , maybe you can enable syslog messages and chek the system log messages

go to configuration mode (I assume you already did this)

! go into config mode

conf term

!see if you are alerady logging

sh logging

!set logg to monitor everything

logg monitor 6

! or set logg to console

logg console 6

!then enable messages to telnet or ssh

terminal monitor

!start logging

logg on

!to stop logging

no logg on

Post messages or search them at

there you will find the Error and System Messages Guides for every version available by message number

Hope this helps

New Member

Re: Deny udp reverse path check

Thanks for the info but I am already logging to a kiwi syslog server my error code is PIX-1-106021 by that .pdf that you mention my fear is right I am getting spoofed, or an attempt.

What I need to know it I see this with 6 or 7 different IP address. Are they all being spoofed or do I have one source doing it? How the heck do I tell the actual source of this? Each machine is an aactual IP in my subnet range, a couple or servers and a couple are workstations.

I am running ip verify reverse-path on each interface, hence why the packet is getting dropped.

I just want to find the source or sources and stop it.

Thanks again

New Member

Re: Deny udp reverse path check

Believe it or not I finally found it. We have a Trend virus wall that is causing it. It has something to do with the external port. I am trying to figure it out after finally tracking it down.

作成コンテンツを作成するには してください