Something odd in my firewall logs

Pantlegz

Diamond Member
Jun 6, 2007
So we've got an ASA 5510 setup and I was looking through the syslog for it today and I've noticed a strange message and I'm not exactly sure where it's coming from or if it's anything to worry about.

No matching connection for ICMP error message: icmp src inside:10.165.80.1 dst outside:192.168.3.100 (type 3, code 13) on inside interface. Original IP payload: udp src 192.168.3.100/123 dst 72.26.125.125/123.

There are a few things that make this odd, the first being that the source IP address is the subinterface of the router, which has access lists on the interface going in to deny any 192.168.0.0/16 traffic for ip/tcp/udp/icmp. I also added an access list on the interface connecting the router to the firewall to deny any 192.168.0.0/16 traffic. The firewall also has 192.168.0.0/16 blocked both incoming and outgoing for ip/tcp/udp/icmp.

So first, what could be causing this? There are no entries in any of the routing tables for any 192.168 address, and I'm not able to ping them from either the firewall or the router. Everything is explicitly blocked, but somehow it's still able to fill up my syslog with these messages. If nothing else they're annoying and take up time/space reading through important messages.

RadiclDreamer

Diamond Member
Aug 8, 2004
Well, port 123 is NTP, and 72.26.125.125 is hosted by alchemy.net and has a simple "hi :)" as the HTML content. And finally, ICMP type 3 is a Destination Unreachable message. Does any of this look familiar? What is 10.165.80.1?

Pantlegz

Diamond Member
Jun 6, 2007
I know that 72.26.125.125 is what pool2.ntp.org resolves to, and it's a fairly common NTP site/service, so I'm not particularly worried about it. 10.165.80.1 is the subinterface IP on the inside of the router, which has an access list blocking any 192.168.0.0/16 addresses in. And the outside interface on the router has an ACL blocking any 192.168.0.0/16 addresses going out of it.
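To triage messages like the one quoted in the thread in bulk rather than reading them one by one, here is an added example (not code from the thread or from Cisco) that parses the ASA "No matching connection for ICMP error message" line, decodes the ICMP type 3 code, checks whether the error is addressed back to the sender of the embedded original packet, and tallies by reason and inner host. The regex is an assumption derived from the single log line above, not an official ASA format, and the second log line is constructed.

```python
import ipaddress
import re

# Field layout assumed from the one ASA line quoted in the thread (not a Cisco spec).
ASA_ICMP_ERR = re.compile(
    r"No matching connection for ICMP error message: icmp "
    r"src (?P<src_if>\w+):(?P<src_ip>[\d.]+) "
    r"dst (?P<dst_if>\w+):(?P<dst_ip>[\d.]+) "
    r"\(type (?P<type>\d+), code (?P<code>\d+)\) on (?P<on_if>\w+) interface\. "
    r"Original IP payload: (?P<proto>\w+) "
    r"src (?P<o_src>[\d.]+)/(?P<o_sport>\d+) "
    r"dst (?P<o_dst>[\d.]+)/(?P<o_dport>\d+)\."
)

# ICMP type 3 (Destination Unreachable) codes, per RFC 792 / RFC 1812.
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable", 3: "port unreachable",
                 9: "net admin prohibited", 10: "host admin prohibited",
                 13: "communication administratively prohibited"}

# Constructed sample: line 1 is the thread's message, line 2 is a made-up variant.
SAMPLE_LOG = [
    "No matching connection for ICMP error message: icmp src inside:10.165.80.1 "
    "dst outside:192.168.3.100 (type 3, code 13) on inside interface. Original IP "
    "payload: udp src 192.168.3.100/123 dst 72.26.125.125/123.",
    "No matching connection for ICMP error message: icmp src inside:10.165.80.1 "
    "dst outside:192.168.3.100 (type 3, code 3) on inside interface. Original IP "
    "payload: udp src 192.168.3.100/123 dst 72.26.125.125/123.",
]

def parse_icmp_error(line):
    """Return a dict of fields for an ASA ICMP-error drop line, or None if it is not one."""
    m = ASA_ICMP_ERR.search(line)
    if not m:
        return None
    d = m.groupdict()
    for k in ("type", "code", "o_sport", "o_dport"):
        d[k] = int(d[k])
    d["reason"] = UNREACH_CODES.get(d["code"], "unknown") if d["type"] == 3 else "not type 3"
    # An ICMP error is sent to the originator of the packet it quotes, so the
    # outer dst should equal the inner src; a mismatch is worth a second look.
    d["error_targets_original_sender"] = d["dst_ip"] == d["o_src"]
    d["original_src_private"] = ipaddress.ip_address(d["o_src"]).is_private
    return d

def summarize(lines):
    """Count parsed errors keyed by (reason, inner source, inner destination/port)."""
    counts = {}
    for rec in filter(None, map(parse_icmp_error, lines)):
        key = (rec["reason"], rec["o_src"], f'{rec["o_dst"]}/{rec["o_dport"]}')
        counts[key] = counts.get(key, 0) + 1
    return counts
```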