Symptom
When active ASA's does not get response for the hello packets from the stand by unit, following log messages are seen continuously (avg 5 per second)
%ASA-2-106017: Deny IP due to Land Attack from 10.13.85.136 to 10.13.85.136
[Here 10.13.85.136 is the Standby Ip address]
Conditions
the ASA's in failover should have at least one of the interface should be in normal(waiting), that is to say that the hello packets are not making to that interface (Basically no connectivity)
Further Problem Description
None.
PSIRT Evaluation
The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
