Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Stop SA / VPN requests

My logs on several of my WAN routers are full of the following messages -

730: IKE message from xx.xx.xx.xx has no SA and is not an initialization offer

728: Processing of Main mode failed with peer at xx.xx.xx.xx

1192: Processing of Informational mode failed with peer at xx.xx.xx.xx

These routers do not have IPSEC feature on them, and thus do not provide any vpn services.

How can I stop this from happening? Is there another way becides blocking these IP's in an access list?

Thanks,

1 REPLY
Silver

Re: Stop SA / VPN requests

IKE maintains state for a communication in the form of security associations. No security association exists for this packet and it is not an initial offer from the peer to establish one. It appears that the remote peer or client is misconfigured.

Refer this link for more info:

http://www.cisco.com/en/US/products/ps5845/products_system_message_guide_chapter09186a00806a2ba5.html#wp1017258

232
Views
0
Helpful
1
Replies
CreatePlease to create content