Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 527
  • Last Modified:

ICMP traffic in firewall logs

Hi,
I am reviewing firewall logs and I am trying to understand this line.


Jan 18 10:08:39 logapps %ASA-6-303021: Teardown ICMP connection for faddr 141.000.100.2/0 gaddr 141.000.63.159/0 laddr 141.000.63.159/0


What does the faddr / gaddr and laddr mean?  Since it is a ping, one is the initator of the ping, the current address and the final address.... is that correct?

Thanks!
0
NYGiantsFan
Asked:
NYGiantsFan
  • 3
  • 2
  • 2
  • +1
2 Solutions
 
SvenIACommented:
foreign address (one not in control by this ASA/router)

global address (after NAT)

local address (pre NAT)

So you are correct.....
0
 
MiftaulCommented:
Scott says This
0
 
SvenIACommented:
@Miftaul

Isn't that exactly the same as what i posted?
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
NYGiantsFanAuthor Commented:
The foreign address originated with our network?  Or is this nated.

What is the different between the global address and the local address?  They are appearing as the same.   Thanks.
0
 
MiftaulCommented:
@SvenIA, yes thats it. I am on mobile, screen doesn't refresh. I didn't notice your comment earlier.
0
 
MiftaulCommented:
global address and the local address could be same when you are pinging from within ASA.
0
 
amatson78Sr. Security EngineerCommented:
Sounds like that faddr might be a VPN address which is why it shows internal, do you run a VPN on that range?
0
 
NYGiantsFanAuthor Commented:
Thanks!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now