| Message Code | PIX-1-106022 |
| Severity | Alert |
| Description | Deny protocol connection spoof from source_address to dest_address on interface interface_name |
| Explanation | A packet matching a connection arrives on a different interface from the interface that the connection began on. For example, if a user starts a connection on the inside interface, but the Cisco ASA detects the same connection arriving on a perimeter interface, the Cisco ASA has more than one path to a destination. This is known as asymmetric routing and is not supported on the Cisco ASA . An attacker also might be attempting to append packets from one connection to another as a way to break into the Cisco ASA . In either case, the Cisco ASA displays this message and drops the connection. |
| User Action | This message appears when the ip verify reverse-path command is not configured. Check that the routing is not asymmetric. |
| Reference Links |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.