Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
499
Views
0
Helpful
2
Replies

Bogus IP addresses in VPN session log entries

Go to solution
Sasha Dundovic
Level 1
Level 1

‎03-28-2014 07:33 AM

I noticed a very peculiar issue on ASA5520 running version 9.1(1). Whenever a VPN user disconnects (or times out, or gets forcefully logged out), an entry in the log refers IP address that's not user's actual IP address. This is one of the examples where IP address 196.95.116.118 is logged:

 

---SNIP---

Mar 28 2014 13:37:45: %ASA-4-113019: Group = <VPNGROUP>, Username = <USERNAME>, IP = 196.95.116.118, Session disconnected. Session Type: IKEv1, Duration: 0h:05m:46s, Bytes xmt: 59216, Bytes rcv: 123329, Reason: User Requested

---SNIP---

 

So far I captured about 7 of those IP addresses and they all have pattern x.x.116.118. This is the list:

24.80.116.118
60.57.116.118
84.104.116.118
164.78.116.118
180.18.116.118
196.95.116.118
202.89.116.118

 

None of them is related to any of my clients nor company itself. Also, they don't belong to my ISPs. Overall ASA and VPN functionality is not affected. Would anybody have some knowledge or clue where are those addresses referred from and why would they have such strange pattern?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Santhosha Shetty
Cisco Employee
Cisco Employee

‎03-29-2014 07:19 AM

Hi,

This related to a bug https://tools.cisco.com/bugsearch/bug/CSCub72545/?reffering_site=dumpcr

 

Hope it helps.

Regards,

Shetty

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Santhosha Shetty
Cisco Employee
Cisco Employee

‎03-29-2014 07:19 AM

Hi,

This related to a bug https://tools.cisco.com/bugsearch/bug/CSCub72545/?reffering_site=dumpcr

 

Hope it helps.

Regards,

Shetty

 

0 Helpful

Go to solution
Sasha Dundovic
Level 1
Level 1
In response to Santhosha Shetty

‎03-31-2014 11:38 AM

Thanks, Shetty. This seems to be the exact issue in question. I'm already in contact with Cisco support to get updated software version for ASA5520. The ones available for download seem not to contain this fix.

Regards,

Sasha

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents