Cisco ASDM Log (Deny Reverse Path Check) in Security http://www.dslreports.com/forum/r18575729 en Sat, 05 Dec 2009 16:28:21 EDT Sat, 05 Dec 2009 16:28:21 EDT Re: Cisco ASDM Log (Deny Reverse Path Check) http://www.dslreports.com/forum/remark,18581760 bmn :
said by tekmunki See Profile :

"show arp" didn't give me anything related to the 169 addresses, what other method did you have in mind to find the mac?

I can easily track the mac down if I can find it. :)
You will need a hub that you can place between all the uplinks to the router and the actual router itself. You will then need to download Wireshark ( »www.wireshark.org/ ) and capture packets from the wire in promiscuous mode to grab the MAC address.

If you don't have a hub, you'll have to use port mirroring. Port mirroring is the preferred method, BTW, as it will cause the least amount of disruption to the network.

Ignore the port mirroring part... Just realized you are using an ASA and it doesn't have the ports to do it IIRC (you need at least TWO on the LAN side).
--
Prove it...
Save the Internet Time (NTP) service, use the pool.]]> http://www.dslreports.com/forum/remark,18581760 Thu, 28 Jun 2007 14:48:44 EDT Re: Cisco ASDM Log (Deny Reverse Path Check) http://www.dslreports.com/forum/remark,18580528 tekmunki :
said by Lanik See Profile :

said by tekmunki See Profile :

... I assume something is misconfigured internally- however, tracking it could be a feat. :o
That would be my first guess. How many clients are connected to this router?
Today, only around 50 clients.
--
TekMunki
"There are 10 types of people in this world, those who understand binary and those who don't."

www.tekmunki.com]]> http://www.dslreports.com/forum/remark,18580528 Thu, 28 Jun 2007 10:40:06 EDT Re: Cisco ASDM Log (Deny Reverse Path Check) http://www.dslreports.com/forum/remark,18580504 tekmunki : "show arp" didn't give me anything related to the 169 addresses, what other method did you have in mind to find the mac?

I can easily track the mac down if I can find it. :)
--
TekMunki
"There are 10 types of people in this world, those who understand binary and those who don't."

www.tekmunki.com]]> http://www.dslreports.com/forum/remark,18580504 Thu, 28 Jun 2007 10:34:12 EDT Re: Cisco ASDM Log (Deny Reverse Path Check) http://www.dslreports.com/forum/remark,18579703 bmn : »forums.cisco.com/eforum/servlet/···1dd9020e

As for tracking it down... You could try logging into the CLI of the ASA, get the MAC address (it should have it in it's cache) and then do a lookup of the manufacturer. Assuming you have managed switches, you can then login to the various switches and track the MAC address down to a specific switch port.

Used to do this kind of stuff all the time. We wouldn't know the exact location of a system, so we would follow the ports where the MAC address is showing up back to the last switch and we would find the port it is attached to.
--
Prove it...
Save the Internet Time (NTP) service, use the pool.]]> http://www.dslreports.com/forum/remark,18579703 Thu, 28 Jun 2007 04:58:07 EDT Re: Cisco ASDM Log (Deny Reverse Path Check) http://www.dslreports.com/forum/remark,18576739 Lanik :
said by tekmunki See Profile :

... I assume something is misconfigured internally- however, tracking it could be a feat. :o
That would be my first guess. How many clients are connected to this router?
--
"If it ain't broke don't fix it."]]> http://www.dslreports.com/forum/remark,18576739 Wed, 27 Jun 2007 16:45:20 EDT Cisco ASDM Log (Deny Reverse Path Check) http://www.dslreports.com/forum/remark,18575729 tekmunki : I started seeing these in my Cisco 5520 logs... Any idea what could be causing it?

My "INSIDE" network is 172.168.0.0/16

Should I be concerned? The IP is an internal reserved, I assume something is misconfigured internally- however, tracking it could be a feat. :o
Click for full size
]]> http://www.dslreports.com/forum/remark,18575729 Wed, 27 Jun 2007 13:29:36 EDT