Hi! After NATting (PAT) the inside network to a single outside IP address, I lost the SSH connection to the PIX device. After logging in via the console interface I see continuing syslog alarms about a land attack.
Oct 07 2008 11:14:33: %PIX-2-106017: Deny IP due to Land Attack from x.x.118.12 to x.x.118.12
So, I suppose there aren't any hackers around. Can anyone explain what the hell is happening?
Now we have lag on the inside network and no access to the PIX via SSH, and maybe some more problems that I still haven't discovered.
I am including the important part of the config below.
I must say that we use a Cisco 3750 as the LAN switch (with all the inter-VLAN routing; the default gateway for all the hosts is 10.x.1.1 on the PIX). After the OUTSIDE interface there is a Cisco 7600 where the default gateway is known via BGP and the network address used for NATting is known via a static route (255.255.255.255).
I have searched the Net about the problem, but the answers to the same issue are, in most cases, lame.
Here is the partial configuration.
ip address x.x.x.4 255.255.255.240
ospf message-digest-key 1 md5 <removed>
ospf authentication message-digest
ip address 10.x.1.1 255.255.255.248 standby 10.x.x.2
# the only default gateway
route OUTSIDE 0.0.0.0 0.0.0.0 x.x.x.1 1
access-list zzz extended permit ip 10.x.2.0 255.255.255.0 any
global (OUTSIDE) 5 195.x.x.12
nat (LAN) 5 access-list zzz
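For anyone sorting through a flood of these %PIX-2-106017 messages, here is a small parser (an added example, not code from the original post or from Cisco) that extracts the from/to addresses and separates denials whose source is one of the firewall's own addresses (the PAT global or the outside interface, which points at a NAT/hairpin configuration problem rather than an outside attacker) from those coming from unknown sources. The sample log lines and the addresses in OWN_ADDRESSES are constructed for the example.

```python
import re
from collections import Counter

# Matches the PIX/ASA land-attack denial shown in the post (message id 106017).
LAND_RE = re.compile(
    r"%PIX-\d-106017: Deny IP due to Land Attack from (\S+) to (\S+)"
)

def parse_land_events(lines):
    """Return (src, dst) pairs for every 106017 line; other lines are skipped."""
    events = []
    for line in lines:
        m = LAND_RE.search(line)
        if m:
            events.append((m.group(1), m.group(2)))
    return events

def classify(events, own_addresses):
    """Count denials per source address and label each source as 'self'
    (an address the firewall itself answers for, i.e. self-traffic caused by
    the NAT setup) or 'external' (a source worth a closer look)."""
    counts = Counter(src for src, _ in events)
    return {
        src: (("self" if src in own_addresses else "external"), n)
        for src, n in counts.items()
    }

# Constructed sample log lines modelled on the one in the post; addresses are made up.
SAMPLE_LOG = """\
Oct 07 2008 11:14:33: %PIX-2-106017: Deny IP due to Land Attack from 198.51.100.12 to 198.51.100.12
Oct 07 2008 11:14:34: %PIX-2-106017: Deny IP due to Land Attack from 198.51.100.12 to 198.51.100.12
Oct 07 2008 11:14:35: %PIX-6-302013: Built outbound TCP connection 12345 for OUTSIDE:203.0.113.5/443
Oct 07 2008 11:14:36: %PIX-2-106017: Deny IP due to Land Attack from 203.0.113.77 to 203.0.113.77
""".splitlines()

# Constructed: the PAT global address and the outside interface address of this firewall.
OWN_ADDRESSES = {"198.51.100.12", "198.51.100.4"}

if __name__ == "__main__":
    for src, (kind, n) in classify(parse_land_events(SAMPLE_LOG), OWN_ADDRESSES).items():
        print(f"{src}: {n} land-attack denials, source is {kind}")
```

If every flagged source is "self", the firewall is denying packets it (or its PAT address) is sending to itself, which is the situation the configuration above produces rather than a real attack.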