Here are a few syslogs from my ASA that seem very suspicious:
4 Oct 13 2009 15:52:15 713903 IP = 126.96.36.199, Header invalid, missing SA payload! (next payload = 133)
4 Oct 13 2009 15:52:15 713903 IP = 188.8.131.52, Error: Unable to remove PeerTblEntry
3 Oct 13 2009 15:52:15 713902 IP = 184.108.40.206, Removing peer from peer table failed, no match!
3 Oct 13 2009 15:52:15 713048 IP = 220.127.116.11, Error processing payload: Payload ID: 1
I have no clue what the 38. IP address is -- I am not using this in my config anywhere. The ASA just has one site-to-site VPN and does not use this IP in any way anywhere in the config.
What could be the root cause of these messages? Is someone trying to exploit a vulnerability in the ASA?
These messages have been appearing every few minutes for the last 15 minutes. I don't think it's possible for me to block the IP via ACL since VPN traffic is processed first.
Please advise. Any insight on this issue greatly appreciated.
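
An added example, not part of the original post: a Python script that parses log lines in the format quoted above, groups them by source address, and reports which sources are not configured VPN peers. The peer address 203.0.113.10 and all function names are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the four log lines quoted in the post, addresses as shown there.
SAMPLE = """\
4 Oct 13 2009 15:52:15 713903 IP = 126.96.36.199, Header invalid, missing SA payload! (next payload = 133)
4 Oct 13 2009 15:52:15 713903 IP = 188.8.131.52, Error: Unable to remove PeerTblEntry
3 Oct 13 2009 15:52:15 713902 IP = 184.108.40.206, Removing peer from peer table failed, no match!
3 Oct 13 2009 15:52:15 713048 IP = 220.127.116.11, Error processing payload: Payload ID: 1
"""
# Assumption: the one configured site-to-site peer (documentation address, not from the post).
KNOWN_PEERS = {"203.0.113.10"}

LINE_RE = re.compile(
    r"^(?P<sev>\d) (?P<ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<msgid>\d{6}) IP = (?P<ip>\d{1,3}(?:\.\d{1,3}){3}), (?P<text>.*)$"
)

def parse(log_text):
    """Return one dict per line that matches the quoted format; skip anything else."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            event = m.groupdict()
            event["ts"] = datetime.strptime(event["ts"], "%b %d %Y %H:%M:%S")
            events.append(event)
    return events

def triage(events, known_peers):
    """Summarise events per source address and mark whether it is a configured peer."""
    grouped = defaultdict(list)
    for event in events:
        grouped[event["ip"]].append(event)
    report = {}
    for ip, evs in grouped.items():
        report[ip] = {
            "known_peer": ip in known_peers,
            "count": len(evs),
            "msgids": sorted({e["msgid"] for e in evs}),
            "first": min(e["ts"] for e in evs),
            "last": max(e["ts"] for e in evs),
        }
    return report

def unknown_sources(report):
    """Addresses that produced these messages but are not configured VPN peers."""
    return sorted(ip for ip, row in report.items() if not row["known_peer"])
```

Fed a longer log export, the `first`, `last` and `count` fields show how often each unconfigured source recurs, which is the figure needed to judge whether it is background probing or a sustained attempt.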