ICMP traffic in firewall logs

Hi,
I am reviewing firewall logs and I am trying to understand this line.


Jan 18 10:08:39 logapps %ASA-6-303021: Teardown ICMP connection for faddr 141.000.100.2/0 gaddr 141.000.63.159/0 laddr 141.000.63.159/0


What does the faddr / gaddr and laddr mean?  Since it is a ping, one is the initator of the ping, the current address and the final address.... is that correct?

Thanks!
NYGiantsFanAsked:
Who is Participating?
 
SvenIAConnect With a Mentor Commented:
foreign address (one not in control by this ASA/router)

global address (after NAT)

local address (pre NAT)

So you are correct.....
0
 
MiftaulCommented:
Scott says This
0
 
SvenIACommented:
@Miftaul

Isn't that exactly the same as what i posted?
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
NYGiantsFanAuthor Commented:
The foreign address originated with our network?  Or is this nated.

What is the different between the global address and the local address?  They are appearing as the same.   Thanks.
0
 
MiftaulCommented:
@SvenIA, yes thats it. I am on mobile, screen doesn't refresh. I didn't notice your comment earlier.
0
 
MiftaulConnect With a Mentor Commented:
global address and the local address could be same when you are pinging from within ASA.
0
 
amatson78Sr. Security EngineerCommented:
Sounds like that faddr might be a VPN address which is why it shows internal, do you run a VPN on that range?
0
 
NYGiantsFanAuthor Commented:
Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.