Solved

ICMP traffic in firewall logs

Posted on 2014-01-23
8
512 Views
Last Modified: 2014-02-04
Hi,
I am reviewing firewall logs and I am trying to understand this line.


Jan 18 10:08:39 logapps %ASA-6-303021: Teardown ICMP connection for faddr 141.000.100.2/0 gaddr 141.000.63.159/0 laddr 141.000.63.159/0


What does the faddr / gaddr and laddr mean?  Since it is a ping, one is the initator of the ping, the current address and the final address.... is that correct?

Thanks!
0
Comment
Question by:NYGiantsFan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 7

Accepted Solution

by:
SvenIA earned 250 total points
ID: 39803594
foreign address (one not in control by this ASA/router)

global address (after NAT)

local address (pre NAT)

So you are correct.....
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39803629
Scott says This
0
 
LVL 7

Expert Comment

by:SvenIA
ID: 39803642
@Miftaul

Isn't that exactly the same as what i posted?
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 

Author Comment

by:NYGiantsFan
ID: 39803753
The foreign address originated with our network?  Or is this nated.

What is the different between the global address and the local address?  They are appearing as the same.   Thanks.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39803785
@SvenIA, yes thats it. I am on mobile, screen doesn't refresh. I didn't notice your comment earlier.
0
 
LVL 11

Assisted Solution

by:Miftaul
Miftaul earned 250 total points
ID: 39803921
global address and the local address could be same when you are pinging from within ASA.
0
 
LVL 8

Expert Comment

by:amatson78
ID: 39808967
Sounds like that faddr might be a VPN address which is why it shows internal, do you run a VPN on that range?
0
 

Author Closing Comment

by:NYGiantsFan
ID: 39832933
Thanks!
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASA NAT rule change 3 83
Cisco AnyConnect VPN 4 44
Samples DNS record setting. 5 56
Ip scheme change 1 31
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question