1. %CRYPTO-4-IKMP_NO_SA: IKE message from [IP_address] has no SA and is not an initialization offer
IKE maintains state information for a communication in the form of security associations. No security association exists for this packet and it is not an initial offer from the peer to establish one. This situation could indicate a denial-of-service attack.
we did face similar kinda error messages in our 3660 boxes in which we have crypto supported/compatible ios codes installed in that.
we did recieve the same from public block belongs to different domains,if you dont want them to be logged up then you can block the ports belongs to IKE and IPSEC in your box if you arent running any existing crypto tunnels with any of the other peers.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...