Error Message #2

Unanswered Question
Sep 11th, 2005
User Badges:

Hi,


Can anybody please tell me what this error message means?


*Mar 11 23:59:08.503: %CRYPTO-4-IKMP_NO_SA: IKE message from 172.16.10.1 has

no SA and is not an initialization offer


Any help would be appreciated,


Thanx


Yazan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
spremkumar Sun, 09/11/2005 - 22:41
User Badges:
  • Red, 2250 points or more

hi


This is the meaning of the error message..


1. %CRYPTO-4-IKMP_NO_SA: IKE message from [IP_address] has no SA and is not an initialization offer


IKE maintains state information for a communication in the form of security associations. No security association exists for this packet and it is not an initial offer from the peer to establish one. This situation could indicate a denial-of-service attack.


we did face similar kinda error messages in our 3660 boxes in which we have crypto supported/compatible ios codes installed in that.


we did recieve the same from public block belongs to different domains,if you dont want them to be logged up then you can block the ports belongs to IKE and IPSEC in your box if you arent running any existing crypto tunnels with any of the other peers.



regds


Actions

This Discussion