Cisco Support Community
New Member

Why do I get this?

I have 2 ASA5520s in an Active/Standby configuration connected by a crossover cable.

Primary Firewall Failover Interface: 10.0.0.1

Secondary Firewall Failover Interface: 10.0.0.2

I look at my syslogs and keep getting the following messages:

11-14-2006 18:55:23 Local4.Critical 192.168.1.1 Nov 14 2006 19:03:27: %ASA-2-106006: Deny inbound UDP from 192.168.2.11/137 to 10.10.10.10/137 on interface inside

11-14-2006 18:55:23 Local4.Critical 192.168.1.1 Nov 14 2006 19:03:27: %ASA-2-106006: Deny inbound UDP from 192.168.2.11/137 to 10.255.255.10/137 on interface inside

192.168.2.11 is my Domain Controller/DNS/Veritas Backup Exec Server

Any ideas?

3 REPLIES

Re: Why do I get this?

Hi, do you have any access-list applied to the inside interface? You might be blocking UDP 137.

Re: Why do I get this?

Looks like normal Windows NetBIOS traffic.

NetBIOS name service (UDP)

Firewall administrators will frequently see large numbers of incoming packets to port 137. This is due to the behavior of Windows servers that use NetBIOS (as well as DNS) to resolve IP addresses to names using the "gethostbyaddr()" function. As users behind the firewalls surf Windows-based web sites, those servers will frequently respond with NetBIOS lookups.

Sincerely

Patrick
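
An added example, not part of the original thread: a short Python script that parses the %ASA-2-106006 lines quoted in the question and reports which inside host is sending the denied NetBIOS name service traffic and to which destinations. The function names and the last two sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Body of an ASA 106006 message, in the form quoted in the question above.
DENY_RE = re.compile(
    r"%ASA-2-106006: Deny inbound UDP from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"on interface (?P<ifname>\S+)"
)
NETBIOS_NS = 137  # NetBIOS name service (UDP)

SAMPLE = [
    # The first two lines are the ones posted in the thread.
    "11-14-2006 18:55:23 Local4.Critical 192.168.1.1 Nov 14 2006 19:03:27: %ASA-2-106006: Deny inbound UDP from 192.168.2.11/137 to 10.10.10.10/137 on interface inside",
    "11-14-2006 18:55:23 Local4.Critical 192.168.1.1 Nov 14 2006 19:03:27: %ASA-2-106006: Deny inbound UDP from 192.168.2.11/137 to 10.255.255.10/137 on interface inside",
    # Constructed for this example: a repeat one second later and an unrelated line.
    "11-14-2006 18:55:24 Local4.Critical 192.168.1.1 Nov 14 2006 19:03:28: %ASA-2-106006: Deny inbound UDP from 192.168.2.11/137 to 10.10.10.10/137 on interface inside",
    "11-14-2006 18:55:25 Local4.Info 192.168.1.1 Nov 14 2006 19:03:29: unrelated message (constructed)",
]

def parse_denies(lines):
    """Yield one dict per 106006 line; anything else is skipped."""
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
        d["ifname"] = d["ifname"].rstrip(".")  # tolerate a trailing period
        yield d

def summarize(lines):
    """Count denies per (source, destination, destination port, interface)."""
    return Counter((d["src"], d["dst"], d["dport"], d["ifname"])
                   for d in parse_denies(lines))

def netbios_sources(lines):
    """Map each source of denied UDP/137 traffic to the destinations it tried."""
    out = {}
    for d in parse_denies(lines):
        if d["dport"] == NETBIOS_NS:
            out.setdefault(d["src"], set()).add(d["dst"])
    return out

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
    print(netbios_sources(SAMPLE))
```

Run against a full syslog export, the summary shows whether the denies come from a single host and a fixed set of destination addresses, which narrows down where the name lookups are configured.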

New Member

Re: Why do I get this?

Thanks for the answers, but the 10.0.0.0 network here is used only for the Failover Network. Where should I disable these broadcasts?
