Today I had just come into the office, and while I sipped coffee the phone rang. It was a colleague from our help desk (24/7 level 2 support) who told me that there was an issue with one of our customers' end routers (spoke). First I thought that maybe the customer had done something wrong with the configuration, so I logged into the device. I saw that everything looked fine with the configuration and I started some debugs. I started with ISAKMP. Everything was fine there. The routers passed Phase 1 successfully and continued to Phase 2. Phase 2 also completed successfully, but no traffic was able to pass through the tunnel interfaces. I did some checks and saw nothing unusual there until I started to debug the IPSec session. Something very strange happened at the end of the communication process. An unknown IP address came into sight. I was confused because there is no such address in the configuration and I saw it for the first time. This address has nothing to do with our customer. So my question is: does anyone know how this can happen and where it comes from? I tried a lot of things but nothing helped until I reloaded the router.
I am afraid because this address may be acting like a kind of proxy. So what is your opinion about that? I've attached a snippet from my investigation that can help you to help me ;-).