
New Member

Assistance tracing host on 172.24... host

Hello, I noticed a large amount of denied ICMP packets showing in our syslog that are originated from and destined for IP addresses not on our network.

"Deny icmp src <inside-vlan-interface>:172.24.3.30 dst <outside-interface>:172.24.3.17 (type 8, code 0) by access-group "inside_ACL_in" [0x0, 0x0].

We do have an IP range of 172.16.x.x but it is for MPLS traffic; all our internal IP addresses are on 192.x.x.x or 10.x.x.x

Do you guys have any ideas how to start troubleshooting this? Traceroute to either of these two IP addresses does not go any further than some of the ISP's routers. Could you please provide info about any tool(s) that might be useful in trying to find the source of this traffic? Would NetFlow help with this? Thanks

2 REPLIES
Silver

Re: Assistance tracing host on 172.24... host

You won't be able to traceroute to the particular network when you have enabled ICMP blocking in your network.

New Member

Re: Assistance tracing host on 172.24... host

I was able to tracert from the outside interface up to three hops to one of the MPLS routers. Then I implemented a temporary ACL preventing traffic from 172.24, then checked the debug on the firewall until I noticed there were no more denied ICMP packets from 172.24.

After that I was able to pinpoint the network where this IP address was located. After that I talked to the ISP and we managed to stop this from happening.

Yes, I have to disable ICMP blocking first.

Thanks
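For the syslog side of the hunt described in this thread, here is an added example (not part of the original posts) that parses deny messages of the shape quoted in the question and counts sources outside the expected address plan, grouped by the interface they arrived on. The network list, the reading of "192.x.x.x" as 192.168.0.0/16, the interface names and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption taken from the thread: internal hosts are 10.x.x.x or 192.x.x.x
# (read here as 192.168.0.0/16) and 172.16.x.x carries MPLS. Adjust per site.
EXPECTED_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/16")]

# Shape of the deny message quoted in the question; ports and the ICMP
# type/code suffix are optional so TCP/UDP denies parse as well.
DENY_RE = re.compile(
    r"Deny (?P<proto>\S+) src (?P<sif>[^:\s]+):(?P<src>[\d.]+)(?:/\d+)?"
    r" dst (?P<dif>[^:\s]+):(?P<dst>[\d.]+)(?:/\d+)?"
    r"(?: \(type \d+, code \d+\))?"
    r' by access-group "(?P<acl>[^"]+)"')

def unexpected_sources(lines):
    """Count denies per (ingress interface, source IP, ACL) for sources
    that fall outside every expected network."""
    hits = Counter()
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue  # not a deny message of this shape
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address in the log line
        if not any(src in net for net in EXPECTED_NETS):
            hits[(m["sif"], m["src"], m["acl"])] += 1
    return hits

# Constructed sample lines (interface names "inside"/"outside" are made up).
SAMPLE = [
    'Deny icmp src inside:172.24.3.30 dst outside:172.24.3.17 (type 8, code 0) by access-group "inside_ACL_in" [0x0, 0x0]',
    'Deny icmp src inside:172.24.3.30 dst outside:172.24.3.17 (type 8, code 0) by access-group "inside_ACL_in" [0x0, 0x0]',
    'Deny icmp src inside:172.24.3.31 dst outside:172.24.3.17 (type 8, code 0) by access-group "inside_ACL_in" [0x0, 0x0]',
    'Deny tcp src inside:10.1.2.3/51514 dst outside:203.0.113.9/445 by access-group "inside_ACL_in" [0x0, 0x0]',
    'Built outbound connection for outside:203.0.113.9/443',
]

if __name__ == "__main__":
    for (iface, src, acl), n in unexpected_sources(SAMPLE).most_common():
        print(f"{n:5d}  {src:15s} arrived on {iface} (denied by {acl})")
```

The ingress interface in each result is the useful lead: it names the segment the unexpected source is reaching the firewall through, which is where a MAC or ARP lookup on the adjacent switch or router would start.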
