I am periodically getting entries in my syslog like the following:
%PIX-3-305005: No translation group found for icmp src outside:10.4.188.13 dst inside:10.4.189.51 (type 5, code 0)
I've seen this error before, but this time it's weird because both of those addresses are private and on the inside interface. Could someone be spoofing the 10.4.188.13 address, or is it more likely that I have something configured incorrectly?
During one such instance of this "attack" I got an entry per second for about 4 minutes. I added the following line to my ACL on the outside interface, but the entries still appear.
access-list acl_outside deny ip 10.4.188.0 255.255.252.0 any
Your network is being port scanned from the outside, I presume your PIX is denying this!!!
Add this to your config to make your inside network invisible to the outside: icmp deny any outside
Also, as a security check, go to http://www.grc.com and test your network using 'Shields Up' for any 'holes' on your network. grc.com's Shields Up is a secure connection and I've used it for network penetration testing.
Do the test first without the above-mentioned command and then with the command configured. Make sure to save the config with the command 'write memory'; it is also worth running the command 'clear xlate'.
I ran the Shields Up scan and there were no open ports detected. What's strange though is I use NAT and those internal addresses should be blind to the outside world. But just to confirm, you think someone is spoofing my 10.4.188.13 address?
No, you are not being spoofed. Basically some inside client is sending ICMP traffic from one inside client to another inside client and there's no translation in the PIX config for this, so this shows up as the stated error message: %PIX-3-305005: No translation group.
Sorry, I read your question too quickly... But if you want your inside network to be invisible to the outside world (good idea) then execute the aforementioned command, i.e. icmp deny any outside. This way, if anyone from the outside tries to scan your inside network using ICMP, they'll be denied.
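An added example, not code from this thread: a small Python triage script that parses the %PIX-3-305005 message quoted in the question, counts events per source address, and flags sources that carry an inside-range address yet arrived on the outside interface, which is the oddity the question is about. The inside range (10.4.188.0/22) is assumed from the ACL in the question, the optional "/port" suffix for TCP/UDP is an assumption, and the sample log lines are constructed.

```python
import re, ipaddress
from collections import Counter

# Pattern for the %PIX-3-305005 message as quoted in the thread; "(type N, code N)" appears for ICMP.
PIX_305005 = re.compile(
    r"%PIX-3-305005: No translation group found for (?P<proto>\w+) "
    r"src (?P<src_if>\w+):(?P<src>[\d.]+)(?:/\d+)? "
    r"dst (?P<dst_if>\w+):(?P<dst>[\d.]+)(?:/\d+)?"
    r"(?: \(type (?P<type>\d+), code (?P<code>\d+)\))?"
)

# Inside address range, taken from the ACL in the question (an assumption for this example).
INSIDE_NETS = [ipaddress.ip_network("10.4.188.0/22")]

def parse_305005(line):
    """Return the message fields as a dict, or None if the line is a different message."""
    m = PIX_305005.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    for key in ("type", "code"):
        ev[key] = int(ev[key]) if ev[key] is not None else None
    return ev

def is_inside_addr(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INSIDE_NETS)

def triage(lines):
    """Count 305005 events per source; flag inside-range sources seen on the outside interface."""
    per_src = Counter()
    flagged = set()
    for line in lines:
        ev = parse_305005(line)
        if ev is None:
            continue
        per_src[ev["src"]] += 1
        # An inside address arriving on "outside" is either spoofed or mis-plumbed traffic;
        # either way the NAT/ACL configuration is the first thing to check.
        if ev["src_if"] == "outside" and is_inside_addr(ev["src"]):
            flagged.add(ev["src"])
    return per_src, flagged

# Constructed sample log, modelled on the single entry quoted in the question.
SAMPLE_LOG = [
    "%PIX-3-305005: No translation group found for icmp src outside:10.4.188.13 dst inside:10.4.189.51 (type 5, code 0)",
    "%PIX-3-305005: No translation group found for icmp src outside:10.4.188.13 dst inside:10.4.189.51 (type 5, code 0)",
    "%PIX-3-305005: No translation group found for icmp src outside:198.51.100.9 dst inside:10.4.189.51 (type 8, code 0)",
    "%PIX-6-302015: Built outbound UDP connection (constructed unrelated message, skipped)",
]
```

Running triage(SAMPLE_LOG) returns the per-source counts together with {"10.4.188.13"} as the only flagged source.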