Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
289
Views
0
Helpful
2
Replies

Nachi detected from 3015 Concentrator?

jason.scott
Level 1
Level 1

‎11-21-2003 06:34 AM - edited ‎03-09-2019 05:37 AM

Our IDS shows each day about 20 nachi alarms orginating from the private ip address of our 3015 vpn concentrator and I'm at a loss to explain it.

This occurs regardless of clients being connected or not. ICMPs are filtered and dropped both in and outgoing on the box.

The IDS signature shows the nachi alarms as coming from and to port 0, which also seems strange.

Does anyone know what could be causing this?

Btw we are running 3.x of IDS - have yet to upgrade to 4.x

Labels:
0 Helpful
2 Replies 2

umedryk
Level 5
Level 5

‎11-27-2003 10:40 PM

This is basically due to the limitations of 3.1 code. 4.0 should not have any such problems.

0 Helpful

mcerha
Level 3
Level 3

‎12-01-2003 08:40 AM

Could you please send a traffic sample directly to me at mcerha@cisco.com. I will look into the exact cause.

0 Helpful
Customers Also Viewed These Support Documents