• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Strange Site to site VPN event ID

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> VPN >> Strange Site to site VPN event ID Page: [1]
Login
Message << Older Topic   Newer Topic >>
Strange Site to site VPN event ID - 3.Jun.2008 4:07:25 PM   
zoro

 

Posts: 6
Joined: 3.Jun.2008
Status: offline
Hi,

I've been having strange issue recently on one of my ISA's 2004 Std. It happens only on one of them and I can not get a clue what I'm doing wrong here, or if I am hacked???

There is no pattern, but from time to time, one ISA (they are both running on Win 2003 Std and ISA is with SP2) is trying to initiate VPN with unknown IPs, public ones. Sometimes it happens in timeframe of 10 days, but sometimes 2 times a day. Target IPs are spread throught the globe.
Both modes (Main and Quick) of course failed, since I have no affiliations to these IPs whatsover and my ISA is initiating traffic.
I have Site to Site tunnels from that ISA to 3 more remote sites and all looks OK, but this is really strange to me. I tried Google it, but no luck.
Event ID is 547:

Here is an example:

IKE security association negotiation failed.
Mode:
Key Exchange Mode (Main Mode)

Filter:
Source IP Address 82.35.x.xx
Source IP Address Mask 255.255.255.255
Destination IP Address 67.69.xx.xx
Destination IP Address Mask 255.255.255.255
Protocol 0
Source Port 0
Destination Port 0
IKE Local Addr 82.35.x.xx
IKE Peer Addr 67.69.xx.xx
IKE Source Port 4500
IKE Destination Port 0
Peer Private Addr

Peer Identity:
Certificate based Identity. 
Peer Subject
Peer SHA Thumbprint 0000000000000000000000000000000000000000
Peer Issuing Certificate Authority
Root Certificate Authority
My Subject
My SHA Thumbprint 0000000000000000000000000000000000000000
Peer IP Address: 67.69.xx.xx

Failure Point:
Me

Failure Reason:
IKE authentication credentials are unacceptable

Extra Status:
Processed second (KE) payload
Responder.  Delta Time 0
0x0 0x0

For more information, see Help and Support Center at


Why it would initiate connection randomly at all?

Does anoyone have an idea?

Thanks a lot,

zoro
Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> VPN >> Strange Site to site VPN event ID Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts