Seeing a weird deny entry in syslog. Two ASAs have a VPN tunnel between them, to connect 10.5.0.0/16 and 10.10.0.0/16. Traffic flows just fine between the two networks. However, we noticed on the firewall 10.10.25.8 for the 10.10.0.0/16 subnet a weird entry:
Deny udp src inside:10.5.1.1/137 dst inside:10.10.40.43/137 by access-group "inside_access_in" [0xbe9efe96, 0x0]
First off, 10.10.40.43 is not an active device. The IP is bogus. That's not the question though. The question is why would the 10.10.0.0/16 firewall show the source as being 10.5.1.1 on the Inside interface? Is this because the VPN tunnel terminates on the inside interface, so when the packet comes in, the actual source is 10.5.1.1 on the inside? However, if 10.5.1.1 pings a valid IP on the 10.10.0.0/16 subnet, there are no deny ACL entries - all traffic to valid
On the firewall, there is a static route saying:
route inside 10.10.0.0 255.255.0.0 10.10.25.2 2
... and there are no VLANs or subnets with the 10.10.40.0 subnet. Does this have something to do with the L3 switch at 10.10.25.2?
What's also odd is if I ping (from the 10.5.1.1 server) up to 10.10.39.254, I don't get that deny ACL entry. Once I start trying to ping 10.10.40.0 and up, I get that deny ACL. The 10.10.39.254 is invalid too, so what's the difference in going up to .40 in the third octet?
I'm just having a hard time trying to wrap my head around this.
Thanks
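One way to triage deny entries like the one quoted above, as an added example (Python, not code from the post): it parses the ASA access-group deny line and flags entries where a source from the remote VPN prefix shows up on the local inside interface bound for an address that no configured local subnet contains. The list of local subnets and the second sample line are assumptions constructed for the example; the first sample line is the entry from the post.

```python
import ipaddress
import re

# Matches the ASA access-group deny format quoted in the post.
DENY_RE = re.compile(
    r'Deny (?P<proto>\w+) src (?P<sif>[\w-]+):(?P<src>[\d.]+)(?:/(?P<sport>\d+))? '
    r'dst (?P<dif>[\w-]+):(?P<dst>[\d.]+)(?:/(?P<dport>\d+))? '
    r'by access-group "(?P<acl>[^"]+)"'
)

# Topology from the post: remote VPN site 10.5.0.0/16, local site behind "inside".
# The local subnets actually in use are an ASSUMPTION for this example; the post
# only says nothing exists at 10.10.40.0 and above.
REMOTE_VPN_PREFIXES = [ipaddress.ip_network("10.5.0.0/16")]
LOCAL_INTERFACE = "inside"
LOCAL_SUBNETS = [ipaddress.ip_network("10.10.25.0/24"),
                 ipaddress.ip_network("10.10.30.0/24")]


def parse_deny(line):
    """Parse one deny line into a dict, or return None if it does not match."""
    m = DENY_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["src"] = ipaddress.ip_address(d["src"])
    d["dst"] = ipaddress.ip_address(d["dst"])
    return d


def classify(line):
    """Label a deny entry by how it relates to the VPN and local subnets."""
    d = parse_deny(line)
    if d is None:
        return "unparsed"
    src_is_remote = any(d["src"] in p for p in REMOTE_VPN_PREFIXES)
    dst_is_known = any(d["dst"] in s for s in LOCAL_SUBNETS)
    if d["sif"] == LOCAL_INTERFACE and src_is_remote and not dst_is_known:
        # Remote-site source seen entering on inside, toward an address outside
        # every local subnet: the pattern the post is asking about.
        return "remote-source-on-inside-to-unknown-dst"
    if d["sif"] == LOCAL_INTERFACE and src_is_remote:
        return "remote-source-on-inside"
    return "ordinary-deny"


# Constructed sample input: line 1 is the post's entry, line 2 is an invented
# ordinary outbound deny for contrast.
SAMPLE_LOG = [
    'Deny udp src inside:10.5.1.1/137 dst inside:10.10.40.43/137 by access-group "inside_access_in" [0xbe9efe96, 0x0]',
    'Deny tcp src inside:10.10.25.50/51234 dst outside:203.0.113.9/23 by access-group "inside_access_in" [0x0, 0x0]',
]


def triage(lines):
    """Return (src, dst, label) for each line, for a quick scan of a syslog export."""
    return [(str(parse_deny(l)["src"]), str(parse_deny(l)["dst"]), classify(l))
            for l in lines if parse_deny(l) is not None]
```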