Solved

Cisco Firewall ASA5520 Syslog lots of errors showing

Posted on 2011-03-15
1,207 Views
Last Modified: 2013-11-29
I have a lot of errors showing up on the Cisco firewall syslog. I have no idea what it means.
It's coming from two internal IP addresses, something with a broadcast.
Could someone tell me what the cause of it is and how I stop it?

asa-2-106006 local3 critical mar 15 2011 14:31:14: %%asa-2-106006: deny inbound udp from 192.16.1.105/1025 to 192.16.255.255/694 on interface inside  

asa-2-106006 local3 critical mar 15 2011 14:31:14: %%asa-2-106006: deny inbound udp from 192.16.1.103/1025 to 192.16.255.255/694 on interface inside  

Thanks
Question by:mrbrain646
5 Comments
LVL 33

Expert Comment

by:MikeKane
ID: 35141962
deny inbound udp from 192.16.1.105/1025 to 192.16.255.255/694 on interface inside  

There is a host at 192.16.1.105 that is broadcasting to 192.16.255.255. I would assume that the host is on a 16-bit subnet mask of 255.255.0.0 and that the ASA has its internal interface on the 192.16.x.x network as well.

Since the ASA's inside interface shares a subnet with end-user hosts, you are going to see broadcast traffic. No getting around it.

To avoid this, if the client has a layer 3 switch or another router available, I set up a 2-host subnet between the ASA and the switch and let the switch route traffic to the internal VLANs. So the ASA never sees broadcasts from the internal hosts. The ASA only needs a route to send traffic internally.

LVL 5

Accepted Solution

by: torvir (earned 500 total points)
ID: 35141963
It seems like you are running Linux HA clusters on the inside LAN, and that they run in broadcast mode.
If you have Linux HA clusters you can change to multicast mode to get rid of the error messages in the firewall.
More info at http://linux-ha.org/wiki/FAQ
LVL 17

Expert Comment

by:Kvistofta
ID: 35144974
No matter the cause of the traffic, it looks weird that that logging message is logged as critical (level 2). It is not that critical and I suggest you tune it out; it will probably not be logged any more (depending on your logging settings, of course).

Add the following command:
logging message 106006 level 5

Best regards
Kvistofta
LVL 5

Expert Comment

by:torvir
ID: 35146442
I just want to clarify that if you change the level for message 106006 from 2 to 5, as Kvistofta says, all denied inbound UDP packets will be logged at level 5.
So you don't get critical (level 2) log messages even for real attempts. They come in as notifications (level 5).
This could be of importance if you have a monitoring system that alerts only if the log message is of a certain level.
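To make the two threads of advice above concrete, here is an added Python example (hypothetical triage code, not part of this thread and not a Cisco tool). It parses the %ASA-2-106006 line format quoted in the question, works out from the destination 192.16.255.255 which subnet mask the sending host must believe it is on (MikeKane's point, and the author's eventual finding), and shows how a per-message level override like `logging message 106006 level 5` interacts with a monitoring threshold, which is torvir's caveat. The inside subnet 192.16.1.0/24, the alert threshold of 3, and the sample log lines are all constructed assumptions.

```python
"""Triage Cisco ASA %ASA-2-106006 "Deny inbound" syslog lines.

Hypothetical example code; the sample lines below are constructed to
match the format quoted in the question, not real captures.
"""
import ipaddress
import re
from dataclasses import dataclass, replace
from typing import Dict, List, Optional

# Constructed sample log: two directed broadcasts as in the question, plus one
# ordinary unicast deny for contrast.
SAMPLE_LOG = """\
asa-2-106006 local3 critical mar 15 2011 14:31:14: %ASA-2-106006: Deny inbound UDP from 192.16.1.105/1025 to 192.16.255.255/694 on interface inside
asa-2-106006 local3 critical mar 15 2011 14:31:14: %ASA-2-106006: Deny inbound UDP from 192.16.1.103/1025 to 192.16.255.255/694 on interface inside
asa-2-106006 local3 critical mar 15 2011 14:31:20: %ASA-2-106006: Deny inbound UDP from 192.16.1.50/53412 to 10.0.0.7/161 on interface inside
"""

# Case-insensitive: the question quotes the line in lower case while the ASA
# itself emits mixed case.
MSG_RE = re.compile(
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}):\s*Deny inbound (?P<proto>\w+) "
    r"from (?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"on interface (?P<iface>\S+)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class DenyEvent:
    severity: int          # Cisco syslog level, 0 = most severe, 7 = debugging
    msgid: str
    proto: str
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int
    iface: str


def parse_line(line: str) -> Optional[DenyEvent]:
    """Return a DenyEvent for a 106006-style line, or None if it does not match."""
    m = MSG_RE.search(line)
    if not m:
        return None
    return DenyEvent(
        severity=int(m["sev"]), msgid=m["msgid"], proto=m["proto"].upper(),
        src=ipaddress.IPv4Address(m["src"]), sport=int(m["sport"]),
        dst=ipaddress.IPv4Address(m["dst"]), dport=int(m["dport"]),
        iface=m["iface"],
    )


def implied_prefix_len(dst) -> Optional[int]:
    """If dst ends in a run of at least 8 one-bits it looks like a directed
    broadcast; return the prefix length the sender must think it is on."""
    n = int(ipaddress.IPv4Address(dst))
    trailing_ones = 0
    while n & 1:
        trailing_ones += 1
        n >>= 1
    return 32 - trailing_ones if trailing_ones >= 8 else None


def broadcast_mask_mismatch(ev: DenyEvent, expected: ipaddress.IPv4Network) -> Optional[str]:
    """Explain why a broadcast from a host on `expected` looks mis-masked, else None."""
    if ev.src not in expected or ev.dst == expected.broadcast_address:
        return None
    implied = implied_prefix_len(ev.dst)
    if implied is None or implied >= expected.prefixlen:
        return None
    mask = ipaddress.IPv4Network(f"{ev.src}/{implied}", strict=False).netmask
    return (f"{ev.src} broadcasts to {ev.dst}: sender uses /{implied} ({mask}) "
            f"but the interface is /{expected.prefixlen}")


def apply_level_override(ev: DenyEvent, overrides: Dict[str, int]) -> DenyEvent:
    """Model `logging message <id> level <n>`: re-tag the event's severity."""
    new_level = overrides.get(ev.msgid)
    return ev if new_level is None else replace(ev, severity=new_level)


def would_alert(ev: DenyEvent, threshold: int) -> bool:
    """A monitor that pages on severity <= threshold (3 = errors and worse)."""
    return ev.severity <= threshold


def triage(log_text: str, expected_net: str, overrides=None, threshold: int = 3) -> List[dict]:
    """Parse every matching line and report mask problems and alert decisions."""
    expected = ipaddress.IPv4Network(expected_net)
    report = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ev = apply_level_override(ev, overrides or {})
        report.append({
            "src": str(ev.src), "dst": str(ev.dst), "severity": ev.severity,
            "alerts": would_alert(ev, threshold),
            "mask_issue": broadcast_mask_mismatch(ev, expected),
        })
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, "192.16.1.0/24"):
        print(row)
    print("--- after: logging message 106006 level 5 ---")
    for row in triage(SAMPLE_LOG, "192.16.1.0/24", overrides={"106006": 5}):
        print(row)
```

Run as is, the first pass flags both 192.16.1.x hosts as sending to a /16 broadcast (255.255.0.0) while the assumed inside interface is a /24, which is exactly the "wrong subnet mask" the author found on the load balancer; the unicast deny gets no mask note. The second pass shows the trade-off torvir describes: with the override in place every 106006 event, including the ordinary deny, drops to level 5 and no longer crosses the alert threshold.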
LVL 4

Author Closing Comment

by:mrbrain646
ID: 35156959
Load balancer set with wrong subnet mask.