Solved

Deny UDP reverse path... why?

Posted on 2003-03-09
10,262 Views
Last Modified: 2012-08-14
Hi. I am implementing a PIX site-to-site VPN, but in my logs I am continuously getting this message:

106021: Deny udp reverse path check from 192.168.40.1 to 255.255.255.255 on interface outside
Is this anything serious?
What could be the reason for this, and how can I stop it?

samir
3 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 150 total points
ID: 8102583
Here's the book answer:

%PIX-1-106021: Deny protocol reverse path check from _addr to dest_addr on interface int_name

Explanation: Someone is attempting to spoof an IP address on an inbound connection. Unicast Reverse Path Forwarding, also known as reverse route lookup, detected a packet that does not have a source address represented by a route and assumes it to be part of an attack on your PIX Firewall.

Action: This message appears when you have enabled Unicast Reverse Path Forwarding with the ip verify reverse-path command. This feature works on packets input to an interface; if it is configured on the outside, then PIX Firewall checks packets arriving from the outside.

PIX Firewall looks up a route based on the _addr. If an entry is not found and a route is not defined, then this syslog message appears and the connection is dropped.

If there is a route, PIX Firewall checks which interface it corresponds to. If the packet arrived on another interface, then it is a spoof or there is an asymmetric routing environment. PIX Firewall does not support asymmetric routing (where there is more than one path to a destination).

If configured on an internal interface, PIX Firewall checks static route command statements or RIP and if the _addr is not found, then an internal user is spoofing their address.

An attack is in progress. With this feature enabled, no user action is required. PIX Firewall repels the attack.


What does it mean and what can you do to stop it?
In your PIX configuration, you have the inside interface with a 172.x.x.x IP address and a default route outside. This source address of 192.168.40.1 has no route on the PIX, which is causing this message. If you have another router on the inside of the PIX with the 192.168.x.x addresses, simply add another route statement to the PIX:

route inside 192.168.0.0 255.255.0.0 172.24.80.32

The above is an example only, since I don't know the layout of your inside network.
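The reverse-path logic the book answer describes (route lookup on the source address, deny on no route, deny when the route points at a different interface than the packet arrived on), modelled in Python as an added example. This is not PIX code or anything from the thread; the routing table, interface names and helper function names are constructed assumptions, and the log line is the one from the question.

```python
import ipaddress
import re

# Constructed routing table (prefix, interface). No default route is present,
# so a source with no matching entry reproduces the "no route" case.
ROUTES = [
    ("172.24.80.0/24", "inside"),
    ("203.0.113.0/24", "outside"),
]

# Pattern for the message quoted in the question (message id 106021).
LOG_RE = re.compile(
    r"106021: Deny (?P<proto>\w+) reverse path check from (?P<src>[\d.]+) "
    r"to (?P<dst>[\d.]+) on interface (?P<iface>\w+)"
)

def lookup_route(src, routes):
    """Longest-prefix match for the source address; None if no route.
    A default route, if one were in the table, would match every source."""
    src_ip = ipaddress.ip_address(src)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if src_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best

def reverse_path_check(src, ingress, routes):
    """Return 'allow', or the reason a 106021 denial would be logged:
    'no-route' (source unknown) or 'wrong-interface' (spoof or asymmetric routing)."""
    hit = lookup_route(src, routes)
    if hit is None:
        return "no-route"
    if hit[1] != ingress:
        return "wrong-interface"
    return "allow"

def parse_106021(line):
    """Extract protocol, source, destination and interface from a 106021 log line."""
    m = LOG_RE.search(line)
    return m.groupdict() if m else None

def add_route(routes, prefix, mask, iface):
    """Model of 'route <iface> <prefix> <mask> <gateway>'; the gateway is not needed for the check."""
    net = ipaddress.ip_network(f"{prefix}/{mask}")
    return routes + [(str(net), iface)]

if __name__ == "__main__":
    log = "106021: Deny udp reverse path check from 192.168.40.1 to 255.255.255.255 on interface outside"
    ev = parse_106021(log)
    print(ev["src"], ev["iface"], reverse_path_check(ev["src"], ev["iface"], ROUTES))  # no-route
    fixed = add_route(ROUTES, "192.168.0.0", "255.255.0.0", "inside")
    print(reverse_path_check("192.168.40.1", "inside", fixed))   # allow
    print(reverse_path_check("192.168.40.1", "outside", fixed))  # wrong-interface
```

The last line shows the second failure mode from the book text: once the 192.168.0.0/16 route points inside, the same source arriving on the outside interface is still denied, which is the signature of spoofing or asymmetric routing rather than a missing route.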
LVL 79

Expert Comment

by:lrmoore
ID: 8187933
G'day, samprav
There has not been any activity on this question in 12 days.
Do you still need assistance, need more information, or have you solved your problem?
Can you close out this question?

Ways to close your questions:
http://www.apollois.com/EE/Help/Closing_Questions.htm


Expert Comment

by:jaymealbrecht
ID: 24148514
I get the same thing; however, I am seeing 192.168 private addressing hitting my internal interface that does not exist on my 10.10 network. I get 192.168.x.1, where x changes.
