Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
645
Views
0
Helpful
1
Replies

AnyConnect users try to connect broadcast in the same network

polinaovsyannikova
Level 1
Level 1

‎10-27-2018 12:23 AM - edited ‎02-21-2020 09:29 PM

Hello, I have strange situation 

 

My topology is:

 

Anyconnect User --> Asa+ACS (5.5)+AD --> inside Network

 

When User connecting to ASA by anyconnect client, i see  many many rows with strange logs:

4|Oct 27 2018 13:12:33|106103: access-list AAA-user-polinao-19667502 denied udp for user 'polinao' outside/10.XX.121.45(137) -> outside/10.XX.121.63(137) hit-cnt 1 first hit [0xea7e4b66, 0x0]

 

Where 10.xx.121.63 - broadcast address of network  for anyconnect clients - 10.xx.121.0/26

 

If someone faced a similar situation, please tell me what it can be connected with. Thanks

 

Labels:
0 Helpful
1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

‎10-27-2018 07:33 AM

You have not given us much information to work with. But the most significant clue in what you have posted is that they are attempting access on UDP port 137 which is used for netBIOS. netBIOS frequently tries to identify resources by sending broadcast frames. It is apparent that the access list assigned for this user is not permitting those netBIOS broadcast requests.

 

HTH

 

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents