Hi all,
Hopefully you can help with a problem I am having with Cisco syslog message ASA-2-106016.
Basically we have a /27 public address range in our network and during testing we are trying to prove that the access-lists on our firewall are behaving as they should. The access-list allows through any traffic from the /27 network on the inside interface and blocks any traffic between the /27 network into the outside interface. Therefore, if we try to connect to ourselves, the traffic should be stopped coming back in on the outside interface.
What is actually happening is that one address is actually being stopped from getting into the inside interface and the syslog message is "Deny IP spoof from (our IP address) to (broadcast address of our range) on interface inside". Addresses either side of the blocked address work so we don't think it could be misconfiguration of mask.
Would anyone have an idea as to why this happens?
Many thanks,
Chris