I have an ASA 5505 firewall that is doing one site-to-site VPN.
I saw some weird stuff in the logs regarding an IP address not associated with the VPN on either side:
4 Sep 27 2009 19:19:45 713903 IP = 71.201.76.x, Header invalid, missing SA payload! (next payload = 133)
3 Sep 27 2009 19:19:45 713048 IP = 71.201.76.x, Error processing payload: Payload ID: 1
3 Sep 27 2009 19:19:45 713902 IP = 71.201.76.x, Removing peer from peer table failed, no match!
4 Sep 27 2009 19:19:45 713903 IP = 71.201.76.x, Error: Unable to remove PeerTblEntry
Is this some type of attack? If so, could this be stopped with an ACL regarding the specific host allowed to hit port 500 UDP (isakmp) on the outside interface?
access-list 103 permit udp host TheOnlyVPNPeerAllowed interface outside eq 500 log ?
Thanks for any help!
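For triaging entries like the ones quoted above, here is an added example (not part of the original post) that parses log lines in that layout and groups IKE messages by source address, keeping only sources that are not configured VPN peers. The allowed peer address and the fifth sample line are constructed placeholders.

```python
import re
from collections import defaultdict

# Layout taken from the log lines in the post:
# "<severity> <Mon DD YYYY HH:MM:SS> <message id> IP = <peer>, <text>"
LINE_RE = re.compile(
    r"^(?P<sev>\d) (?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<msgid>\d{6}) IP = (?P<peer>[0-9x.]+), (?P<text>.*)$"
)

def unexpected_ike_peers(lines, allowed_peers):
    """Group IKE log messages by source IP, keeping only sources that are
    not configured VPN peers. Returns {peer: [(timestamp, msgid, text), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the "IP = ..." layout shown in the post
        if m["peer"] in allowed_peers:
            continue  # traffic from a configured peer is expected
        hits[m["peer"]].append((m["ts"], int(m["msgid"]), m["text"]))
    return dict(hits)

# The four lines from the post, plus one constructed line from a configured peer.
SAMPLE = """\
4 Sep 27 2009 19:19:45 713903 IP = 71.201.76.x, Header invalid, missing SA payload! (next payload = 133)
3 Sep 27 2009 19:19:45 713048 IP = 71.201.76.x, Error processing payload: Payload ID: 1
3 Sep 27 2009 19:19:45 713902 IP = 71.201.76.x, Removing peer from peer table failed, no match!
4 Sep 27 2009 19:19:45 713903 IP = 71.201.76.x, Error: Unable to remove PeerTblEntry
4 Sep 27 2009 19:20:02 713903 IP = 203.0.113.10, constructed line from the configured peer
""".splitlines()

ALLOWED = {"203.0.113.10"}  # constructed placeholder for the real VPN peer

if __name__ == "__main__":
    for peer, events in unexpected_ike_peers(SAMPLE, ALLOWED).items():
        ids = sorted({msgid for _, msgid, _ in events})
        print(f"{peer}: {len(events)} IKE messages, ids {ids}, first seen {events[0][0]}")
```
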