Site-to-Site VPN activity - Does this sound like a hijack?
I have multiple site-to-site VPN's between my PIX515E and outside networks. One, a PIX 501, had network problems for a couple days, then once the ISP fixed the issue, I saw traffic trying to get from my site to theirs, but using a different ISP remote host. I contacted the ISP, but the address is a completely different carrier. It looked like the traffic was being intiated from both sides, but I could only see the log on my side trying to establish a VPN connection with an incorrect peer address. I rebooted the PIX 515E and problem solved.
Does this sound like a hijack of some sort on the PIX501 address?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...