I've seen this activity, but not from src port 135. In my case the activity is from src port 80 to dst port 2234. Also, I can't find any cooresponding entry in the Firewall log to correlate to the alarm. There is no Nachi activity in our network that I'm aware of.
I'd also like to know what signature string expression triggers this alarm. Is this a defective signature perhaps?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...