06-14-2014 06:17 AM
Can this configuration on ASA be a cause of a "%ASA-2-106017: Deny IP due to Land Attack from 17.18.19.20 to 17.18.19.20" syslog message.
interface Ethernet0/0
nameif outside
security-level 0
ip address 17.18.19.101 255.255.255.128 standby 17.18.19.102
!
interface Ethernet0/1
duplex full
nameif inside
security-level 100
ip address 172.16.20.1 255.255.255.0 standby 172.16.20.2
!
object network users_VPN_net
subnet 192.168.20.0 255.255.255.0
!
object network users_VPN_net
nat (outside,outside) dynamic 17.18.19.20
As an additional information I can say that we see this syslog messages only during business days from Monday to Friday starting at 08:00 am and ending at 06:00pm.
Thank you
06-16-2014 01:19 AM
Have you enabled "same-security-traffic permit intra-interface"??
06-20-2014 07:03 AM
Yes Rahul both intra and inter traffic are enabled.
!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
!
Connectivity wise we don't have any issues, just this log message that is constantly coming into our syslog server.
"%ASA-2-106017: Deny IP due to Land Attack from 17.18.19.20 to 17.18.19.20"
06-23-2014 05:26 AM
Can you post the output of following command-
packet-tracert input outside tcp 192.168.20.10 2000 1.1.1.1 80 detail
I guess there is some misconfiguration in NAT because land attack means if the source and destination of IP packet is same. Are vpn users trying to access IP 17.18.19.20?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide