Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
308
Views
0
Helpful
1
Replies

Site-to-Site VPN activity - Does this sound like a hijack?

m-carey
Level 1
Level 1

‎12-02-2005 11:26 AM - edited ‎02-21-2020 02:08 PM

I have multiple site-to-site VPN's between my PIX515E and outside networks. One, a PIX 501, had network problems for a couple days, then once the ISP fixed the issue, I saw traffic trying to get from my site to theirs, but using a different ISP remote host. I contacted the ISP, but the address is a completely different carrier. It looked like the traffic was being intiated from both sides, but I could only see the log on my side trying to establish a VPN connection with an incorrect peer address. I rebooted the PIX 515E and problem solved.

Does this sound like a hijack of some sort on the PIX501 address?

Labels:
0 Helpful
1 Reply 1

smalkeric
Level 6
Level 6

‎12-08-2005 01:51 PM

For Monitoring the Site-to-Site VPN activity refer to the following url to avoid hijack

http://www.cisco.com/en/US/products/sw/cscowork/ps5387/products_user_guide_chapter09186a00801ce378.html#28987

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents