Message Code | PIX-1-106021 |
Severity | Alert |
Description | Deny protocol reverse path check from source_address to dest_address on interface interface_name |
Explanation | An attack is probably in progress: someone is attempting to spoof a source IP address on an inbound connection. Unicast RPF, also known as reverse route lookup, detected a packet whose source address is not represented by a route on the interface it arrived on, and treats it as part of an attack on the Cisco ASA. This message appears when you have enabled Unicast RPF with the ip verify reverse-path command. The feature works on packets entering an interface; if it is configured on the outside interface, the Cisco ASA checks packets arriving from the outside. The Cisco ASA looks up a route based on the source_address. If no route covers the address, this system log message is generated and the packet is dropped. If a route exists, the Cisco ASA checks which interface it points to; if the packet arrived on a different interface, it is either spoofed or the network has asymmetric routing with more than one path to a destination. The Cisco ASA does not support asymmetric routing. If the feature is configured on an internal interface, the Cisco ASA checks the static route command statements or RIP, and if the source_address is not found there, an internal user is spoofing their address. |
User Action | Even though an attack is in progress, no user action is required when this feature is enabled: the Cisco ASA drops the offending packets. If the source_address belongs to a legitimate host that is reachable through a different interface, the drop indicates asymmetric routing rather than spoofing, and the routing should be corrected so that each source is reached through the interface on which its packets arrive. |
Reference Links |
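The following is an added example, not Cisco code or text from this reference page. It simulates the reverse route lookup described above (longest-prefix match on the source address, then comparison of the route's interface with the ingress interface), emits the 106021 message for packets that fail the check, and parses that message back into fields for use in detection logic. The routing table, interface names, packets and the rendering of the protocol field in the message are all constructed assumptions; the real ASA message wording follows the Description row above.

```python
"""Strict unicast RPF simulation and 106021 message parser (constructed example)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str


# Constructed routing table: inside prefix, DMZ prefix, default route via outside.
ROUTES: List[Route] = [
    Route(ipaddress.ip_network("10.0.0.0/8"), "inside"),
    Route(ipaddress.ip_network("172.16.5.0/24"), "dmz"),
    Route(ipaddress.ip_network("0.0.0.0/0"), "outside"),
]

# Interfaces assumed to carry "ip verify reverse-path interface <name>".
RPF_ENABLED = {"outside", "inside"}

# Assumed rendering of the message; the protocol field is a constructed detail.
MSG_RE = re.compile(
    r"%ASA-1-106021: Deny (?P<proto>\S+) reverse path check from (?P<src>\S+) "
    r"to (?P<dst>\S+) on interface (?P<iface>\S+)"
)


def lookup_route(routes: List[Route], addr: str) -> Optional[Route]:
    """Reverse route lookup: longest-prefix match on the source address."""
    ip = ipaddress.ip_address(addr)
    best: Optional[Route] = None
    for r in routes:
        if ip in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def urpf_check(src: str, dst: str, ingress: str, proto: str,
               routes: List[Route] = ROUTES,
               enabled=frozenset(RPF_ENABLED)) -> Tuple[bool, Optional[str]]:
    """Return (forwarded, syslog_line). The check only runs on enabled ingress
    interfaces. A packet passes when a route for its source exists and points
    back out the interface it arrived on; otherwise it is dropped and logged."""
    if ingress not in enabled:
        return True, None
    route = lookup_route(routes, src)
    if route is not None and route.interface == ingress:
        return True, None
    # No route, or route points to another interface (spoof or asymmetric routing).
    line = (f"%ASA-1-106021: Deny {proto} reverse path check from {src} "
            f"to {dst} on interface {ingress}")
    return False, line


def parse_106021(line: str) -> Optional[Dict[str, str]]:
    """Extract proto/src/dst/iface from a 106021 line, or None if not a match."""
    m = MSG_RE.search(line)
    return m.groupdict() if m else None


def spoofed_sources(lines: List[str]) -> Dict[str, int]:
    """Count 106021 drops per source address, a simple triage view for SOC use."""
    counts: Dict[str, int] = {}
    for ln in lines:
        parsed = parse_106021(ln)
        if parsed:
            counts[parsed["src"]] = counts.get(parsed["src"], 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed packets: (src, dst, ingress interface, protocol)
    packets = [
        ("10.1.2.3", "203.0.113.9", "outside", "TCP"),     # inside prefix from outside: spoof
        ("198.51.100.7", "10.1.2.3", "outside", "TCP"),    # matches default route: passes
        ("192.168.9.9", "10.1.2.3", "inside", "UDP"),      # no inside route: internal spoof
        ("172.16.5.4", "10.1.2.3", "dmz", "TCP"),          # dmz has no RPF: not checked
    ]
    logs = [msg for p in packets for ok, msg in [urpf_check(*p)] if msg]
    for entry in logs:
        print(entry)
    print(spoofed_sources(logs))
```

Note the default-route caveat the simulation makes visible: with 0.0.0.0/0 pointing out the outside interface, strict RPF on outside only catches spoofed packets whose source falls in a prefix routed to another interface (here the inside and DMZ ranges); any other source address matches the default route and passes, so this check is an anti-spoofing control for your own address space, not a general source validation.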