SpokaneISD
asked on
Cisco ASA message
Hello Experts,
I have a Cisco ASA-5520 running version 8.4(1). I've been seeing quite a few of these messages in my syslog lately. What has me concerned is that the message says that the packet originates from the inside interface & that the source is 10.37.131.58. I have no such address space on my internal network. 192.168.1.7 is the router facing the Cisco ASA. Can someone enlighten me as to what is going on?
%ASA-4-313005: No matching connection for ICMP error message: icmp src inside:192.168.1.7 dst Outside:10.37.131.58 (type 11, code 0) on inside interface.
Original IP payload: tcp src 10.37.131.58/61004 dst 72.14.204.120/443.
I have a Cisco ASA-5520 running version 8.4(1). I've been seeing quite a few of these messages in my syslog lately. What has me concerned is that the message says that the packet originates from the inside interface & that the source is 10.37.131.58. I have no such address space on my internal network. 192.168.1.7 is the router facing the Cisco ASA. Can someone enlighten me as to what is going on?
%ASA-4-313005: No matching connection for ICMP error message: icmp src inside:192.168.1.7 dst Outside:10.37.131.58 (type 11, code 0) on inside interface.
Original IP payload: tcp src 10.37.131.58/61004 dst 72.14.204.120/443.
ASKER
The message is rather confusing as there are two componants:
1: No matching connection for ICMP error message: icmp src inside:192.168.1.7 dst Outside:10.37.131.58
2: Original IP payload: tcp src 10.37.131.58/61004 dst 72.14.204.120/443.
So which is the ACTUAL source IP?
If the source of 192.168.1.7 is the real inside source, I can't figure out why my router would be trying to ping that destination address.
1: No matching connection for ICMP error message: icmp src inside:192.168.1.7 dst Outside:10.37.131.58
2: Original IP payload: tcp src 10.37.131.58/61004 dst 72.14.204.120/443.
So which is the ACTUAL source IP?
If the source of 192.168.1.7 is the real inside source, I can't figure out why my router would be trying to ping that destination address.
Hmm... Good question. Do you have a VPN tunnel to someplace that uses 10.x.x.x addressing?
Looks like the original payload is HTTPS (destination port 443).
Looks like the original payload is HTTPS (destination port 443).
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So as it turns out 10.37.131.58 is on another internal network that is connected to my main internal network. This network has a different group of administrators & they were inadvertently sending traffic towards me that should have been going out their firewall.
icmp src inside:192.168.1.7 dst Outside:10.37.131.58