Cisco Support Community

DOS attack on vpn 3000 concentrator

Hi, I have received a log on my Cisco VPN 3000 concentrator stating...

L Internet Key Exchange (IKE) Phase-1 Denial of Service *Delinquent 2009-09-09 2009-10-09

Now, what do I need to do to gather more information pertaining to this DoS attack, and how do I prevent it from occurring?

I would also appreciate any study material on these 3 types of VPN: c2s, s2s and SSH/SSL VPN.




Re: DOS attack on vpn 3000 concentrator

First, you have to be aware that the CVPN is kind of a legacy technology, and some of the vulnerabilities that IKE has presented in the past might be present on this box. The important part to cover here is to make sure that your box does not have a weak IKE policy enabled, which will include DES, MD5 and DH1. If this is an IKE policy that you have enabled, then make sure it is disabled, since it is easily breakable.

Unfortunately, there is no feature on the CVPN that will rate or prevent unknown IKE requests, but disabling these combinations might help.

As for the study materials, you can go ahead and read the user's guide for this box.
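
The check suggested in the reply above, as an added example that is not part of the original thread or any Cisco tool: it audits a list of active IKE proposal names for the three weak transforms named there (DES, MD5, DH1). The hyphen-separated naming and the sample list are assumptions constructed for illustration; copy the real names from the concentrator's active IKE proposal list.

```python
import re

# Transforms the reply names as weak: DES encryption, MD5 hash, DH group 1.
WEAK = {"DES": "encryption", "MD5": "hash", "DH1": "Diffie-Hellman group"}


def weak_transforms(proposal_name):
    """Return the weak transforms named in a proposal name.

    Tokens are compared whole, so 3DES is not mistaken for DES and
    DH14 is not mistaken for DH1 (a substring search would flag both).
    """
    tokens = [t.upper() for t in re.split(r"[-_\s]+", proposal_name) if t]
    return [t for t in tokens if t in WEAK]


def audit(active_proposals):
    """Map each active proposal containing a weak transform to its findings."""
    findings = {}
    for name in active_proposals:
        weak = weak_transforms(name)
        if weak:
            findings[name] = weak
    return findings


# Constructed sample of active proposal names (assumed naming convention).
SAMPLE_ACTIVE = [
    "IKE-3DES-MD5",
    "IKE-DES-MD5",
    "IKE-3DES-SHA-DH1",
    "IKE-AES128-SHA-DH14",
    "IKE-AES256-SHA-DH5",
]

if __name__ == "__main__":
    for name, weak in audit(SAMPLE_ACTIVE).items():
        detail = ", ".join(f"{t} ({WEAK[t]})" for t in weak)
        print(f"{name}: disable or replace, uses {detail}")
```

A proposal name that omits the DH group is not flagged by this check, so confirm the group for such entries in the proposal's own settings.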