I have a small office running a Cisco ASA (ASA5506), version 9.4(1), which is also configured for an IPsec VPN tunnel. My LAN subnet is 10.1.1.0/24.
I have found a very interesting thing on the LAN. If I ping 10.1.1.255 (the broadcast address), it creates a nuclear reaction: my packets go into a loop and fill my LAN with traffic, and my Cisco ASA CPU goes to 100%.
This is how I stop the storm, by clearing the conn on the ASA:
ASA# clear conn address <source_address_of_desktop>
I believe the Cisco ASA is participating in amplifying this storm. Here are the basic config snippets from the ASA:
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
Note: I believe one of the above options has something to do with this storm.
Routes
S* 0.0.0.0 0.0.0.0 [1/0] via 26.172.22.1, outside
C 10.1.1.0 255.255.255.0 is directly connected, inside
L 10.1.1.1 255.255.255.255 is directly connected, inside