Stop SA / VPN requests

Unanswered Question
Feb 19th, 2007

My logs on several of my WAN routers are full of the following messages -

730: IKE message from xx.xx.xx.xx has no SA and is not an initialization offer

728: Processing of Main mode failed with peer at xx.xx.xx.xx

1192: Processing of Informational mode failed with peer at xx.xx.xx.xx

These routers do not have IPSEC feature on them, and thus do not provide any vpn services.

How can I stop this from happening? Is there another way becides blocking these IP's in an access list?

Thanks,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
b.hsu Fri, 02/23/2007 - 12:39

IKE maintains state for a communication in the form of security associations. No security association exists for this packet and it is not an initial offer from the peer to establish one. It appears that the remote peer or client is misconfigured.

Refer this link for more info:

http://www.cisco.com/en/US/products/ps5845/products_system_message_guide_chapter09186a00806a2ba5.html#wp1017258

Actions

This Discussion