Solved

Cisco Firewall ASA5520 Syslog lots of errors showing

Posted on 2011-03-15
5
1,203 Views
Last Modified: 2013-11-29
I have alot of errors showing up on the cisco firewall syslog. i have no idea what it means.
Its coming from two internal ip addresses. something with a broadcast.
could someone tell me what is the cause of it and how do i stop it?

asa-2-106006 local3 critical mar 15 2011 14:31:14: %%asa-2-106006: deny inbound udp from 192.16.1.105/1025 to 192.16.255.255/694 on interface inside  

asa-2-106006 local3 critical mar 15 2011 14:31:14: %%asa-2-106006: deny inbound udp from 192.16.1.103/1025 to 192.16.255.255/694 on interface inside  

Thanks
0
Comment
Question by:mrbrain646
5 Comments
 
LVL 33

Expert Comment

by:MikeKane
Comment Utility
deny inbound udp from 192.16.1.105/1025 to 192.16.255.255/694 on interface inside  

There is a host at 192.16.1.105 that is broadcasting to 192.16.255.255.   I would assume that the host is on a 16 bit subnet mask of 255.255.0.0 and that the ASA has its internal interface on the 192.16.x.x network as well.    

Since the ASA's inside interface shares a subnet with end user hosts, you are going to see broadcast traffic.    No getting around it.  

To avoid this, if the client has a layer 3 switch or another router available, I setup a 2 host subnet between the ASA and the switch and let the switch route traffic to the internal VLANs.    So the ASA never sees broadcasts from the internal hosts.      The ASA only needs a route to send traffic internally.

0
 
LVL 5

Accepted Solution

by:
torvir earned 500 total points
Comment Utility
It seems like you are running linux ha-clusters on the inside LAN. And that it runs in broadcast mode.
If you have linux ha clusters you can change to multicast mode to get rid of the error messages in the firewall.
More info at http://linux-ha.org/wiki/FAQ
 
0
 
LVL 17

Expert Comment

by:Kvistofta
Comment Utility
No matter of the cause of the traffic, it looks weird that that logging message is logged as critical (level 2). It is not that critical and I suggest you to tune it out, and it will probably not be logged any more (depending on your logging settings of course).

Add the following command:
logging message 106006 level 5

Best regards
Kvistofta
0
 
LVL 5

Expert Comment

by:torvir
Comment Utility
I just want to clearify that if you change the level for message 106006 from 2 to 5, as Kvistofta says, all denied inbound UDP packets will be logged at level 5.
So you don't get critical (level 2) logg messages even for real attempts. They are coming as notifications (level 5).
This could be of importance if you have a monitoring system that alerts only if the logg message is of a certain level.
0
 
LVL 4

Author Closing Comment

by:mrbrain646
Comment Utility
load balancer set with wrong subnet mask
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
optimal method deal ransomware in files folders 9 54
NSD FAIL 2 19
cisco VIRL 2 11
stacking Catalyst 3650 11 9
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now