11-14-2006 04:00 PM - edited 03-09-2019 04:53 PM
I have 2 ASA5520s in an Active/Standby configuration connected by a crossover cable.
Primary Firewall Failover Interface: 10.0.0.1
Secondary Firewall Failover Interface: 10.0.0.2
I look at my syslogs and keep getting the following messages:
11-14-2006 18:55:23 Local4.Critical 192.168.1.1 Nov 14 2006 19:03:27: %ASA-2-106006: Deny inbound UDP from 192.168.2.11/137 to 10.10.10.10/137 on interface inside
11-14-2006 18:55:23 Local4.Critical 192.168.1.1 Nov 14 2006 19:03:27: %ASA-2-106006: Deny inbound UDP from 192.168.2.11/137 to 10.255.255.10/137 on interface inside
192.168.2.11 is my Domain Controller/DNS/Veritas Backup Exec Server
Any ideas?
11-14-2006 05:30 PM
Hi, do you have any access-list applied to the inside interface? You might be blocking UDP 137.
11-14-2006 05:35 PM
Looks like normal Windows NetBIOS traffic.
NetBIOS name service (UDP)
Firewall administrators will frequently see large numbers of incoming packets to port 137. This is due to the behavior of Windows servers that use NetBIOS (as well as DNS) to resolve IP addresses to names using the "gethostbyaddr()" function. As users behind the firewalls surf Windows-based web sites, those servers will frequently respond with NetBIOS lookups.
Sincerely,
Patrick
11-15-2006 06:54 AM
Thanks for the answers, but the 10.0.0.0 network here is used only for the failover network. Where should I disable these broadcasts?
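As an added example (not part of the original thread), the following Python script parses the %ASA-2-106006 messages quoted in the first post and summarizes, per source host, which destinations were denied and how many of the hits were NetBIOS name service (UDP 137). The sample input is constructed from the two log lines in the thread plus one made-up non-matching line; the function names are this example's own.

```python
import re

# Constructed sample: the two messages quoted in the thread, plus one
# made-up line that is not a 106006 message and must be skipped.
SAMPLE_LOG = """\
11-14-2006 18:55:23 Local4.Critical 192.168.1.1 Nov 14 2006 19:03:27: %ASA-2-106006: Deny inbound UDP from 192.168.2.11/137 to 10.10.10.10/137 on interface inside
11-14-2006 18:55:23 Local4.Critical 192.168.1.1 Nov 14 2006 19:03:27: %ASA-2-106006: Deny inbound UDP from 192.168.2.11/137 to 10.255.255.10/137 on interface inside
11-14-2006 18:55:24 Local4.Info 192.168.1.1 constructed line without a deny message
"""

# Matches the message layout shown in the thread's syslog excerpts.
DENY_RE = re.compile(
    r"%ASA-\d-106006: Deny inbound (?P<proto>\S+) "
    r"from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"on interface (?P<ifc>\S+)"
)

NETBIOS_NS_PORT = 137  # NetBIOS name service (UDP)


def parse_denies(text):
    """Return one dict per 106006 line; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if m is None:
            continue
        ev = m.groupdict()
        ev["sport"] = int(ev["sport"])
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events


def summarize(events):
    """Group denies by source host: total count, destinations, UDP/137 hits."""
    summary = {}
    for ev in events:
        entry = summary.setdefault(
            ev["src"], {"count": 0, "dsts": set(), "netbios_ns": 0})
        entry["count"] += 1
        entry["dsts"].add(ev["dst"])
        if ev["proto"].upper() == "UDP" and ev["dport"] == NETBIOS_NS_PORT:
            entry["netbios_ns"] += 1
    return summary


if __name__ == "__main__":
    for src, info in summarize(parse_denies(SAMPLE_LOG)).items():
        print(src, info["count"], sorted(info["dsts"]), info["netbios_ns"])
```

Run against a real syslog export, the per-source destination list shows which host is generating the lookups and which addresses it is trying to reach.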