03-28-2014 07:33 AM
I noticed a very peculiar issue on ASA5520 running version 9.1(1). Whenever a VPN user disconnects (or times out, or gets forcefully logged out), an entry in the log refers IP address that's not user's actual IP address. This is one of the examples where IP address 196.95.116.118 is logged:
---SNIP---
Mar 28 2014 13:37:45: %ASA-4-113019: Group = <VPNGROUP>, Username = <USERNAME>, IP = 196.95.116.118, Session disconnected. Session Type: IKEv1, Duration: 0h:05m:46s, Bytes xmt: 59216, Bytes rcv: 123329, Reason: User Requested
---SNIP---
So far I captured about 7 of those IP addresses and they all have pattern x.x.116.118. This is the list:
24.80.116.118
60.57.116.118
84.104.116.118
164.78.116.118
180.18.116.118
196.95.116.118
202.89.116.118
None of them is related to any of my clients nor company itself. Also, they don't belong to my ISPs. Overall ASA and VPN functionality is not affected. Would anybody have some knowledge or clue where are those addresses referred from and why would they have such strange pattern?
Solved! Go to Solution.
03-29-2014 07:19 AM
Hi,
This related to a bug https://tools.cisco.com/bugsearch/bug/CSCub72545/?reffering_site=dumpcr
Hope it helps.
Regards,
Shetty
03-29-2014 07:19 AM
Hi,
This related to a bug https://tools.cisco.com/bugsearch/bug/CSCub72545/?reffering_site=dumpcr
Hope it helps.
Regards,
Shetty
03-31-2014 11:38 AM
Thanks, Shetty. This seems to be the exact issue in question. I'm already in contact with Cisco support to get updated software version for ASA5520. The ones available for download seem not to contain this fix.
Regards,
Sasha
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: