We do have ip range of 172.16.x.x but it is for mpls traffic; all our internal ip addresses are on 192.x.x.x or 10.x.x.x
Do you guys have any ideas how to start troubleshooting this? Traceroute to either of these two ip addresses does not go any further than some of ISP's routers. Could you please provide info about any tool(s) tat you might be usefull trying to find the source of this traffic. Would Netflow help with this? thanks
I was able to tracert from outside interface up to three hops to one of MPLS router. Then, i implement temporary acl preventing traffic from 172.24; then check the debug on firewall until i noticed there is no more denied icmp from 172.24
After that i was able to pinpoint network where this ip address was located. After that i talked to ISP and we managed to stop this from happening.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...