I've been having a strange issue recently on one of my ISA 2004 Std. servers. It happens only on one of them and I cannot get a clue what I'm doing wrong here, or if I am hacked?
There is no pattern, but from time to time, one ISA (they are both running on Win 2003 Std and ISA is with SP2) is trying to initiate a VPN with unknown IPs, public ones. Sometimes it happens in a timeframe of 10 days, but sometimes 2 times a day. Target IPs are spread throughout the globe. Both modes (Main and Quick) of course failed, since I have no affiliations to these IPs whatsoever and my ISA is initiating traffic. I have Site to Site tunnels from that ISA to 3 more remote sites and all looks OK, but this is really strange to me. I tried Googling it, but no luck. The Event ID is 547.
Here is an example:
IKE security association negotiation failed. Mode: Key Exchange Mode (Main Mode)
Filter:
Source IP Address 82.35.x.xx
Source IP Address Mask 255.255.255.255
Destination IP Address 67.69.xx.xx
Destination IP Address Mask 255.255.255.255
Protocol 0
Source Port 0
Destination Port 0
IKE Local Addr 82.35.x.xx
IKE Peer Addr 67.69.xx.xx
IKE Source Port 4500
IKE Destination Port 0
Peer Private Addr
Peer Identity: Certificate based Identity.
Peer Subject
Peer SHA Thumbprint 0000000000000000000000000000000000000000
Peer Issuing Certificate Authority
Root Certificate Authority
My Subject
My SHA Thumbprint 0000000000000000000000000000000000000000
Peer IP Address: 67.69.xx.xx
Failure Point: Me
Failure Reason: IKE authentication credentials are unacceptable
Extra Status: Processed second (KE) payload Responder. Delta Time 0 0x0 0x0
For more information, see Help and Support Center at
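
A triage sketch for events like the one above, added here as an example and not part of the original post: it parses Event ID 547 description text in the quoted field layout, extracts the IKE peer address and the Initiator/Responder token from Extra Status, and counts failures from peers that are not configured tunnel endpoints. The allowlist, function names and sample events are assumptions built from documentation addresses.

```python
import re
from collections import Counter

# Assumption: public addresses of the configured site-to-site peers (constructed values).
KNOWN_PEERS = {"198.51.100.10", "198.51.100.20", "198.51.100.30"}

# Constructed sample events in the field layout of the Event ID 547 text quoted above.
SAMPLE_EVENTS = [
    "IKE security association negotiation failed. Mode: Key Exchange Mode (Main Mode) "
    "Filter: Source IP Address 192.0.2.5 Source IP Address Mask 255.255.255.255 "
    "Destination IP Address 203.0.113.77 Destination IP Address Mask 255.255.255.255 "
    "IKE Local Addr 192.0.2.5 IKE Peer Addr 203.0.113.77 IKE Source Port 4500 "
    "Failure Point: Me Failure Reason: IKE authentication credentials are unacceptable "
    "Extra Status: Processed second (KE) payload Responder. Delta Time 0 0x0 0x0",
    "IKE security association negotiation failed. Mode: Data Protection Mode (Quick Mode) "
    "Filter: Source IP Address 192.0.2.5 Source IP Address Mask 255.255.255.255 "
    "Destination IP Address 198.51.100.10 Destination IP Address Mask 255.255.255.255 "
    "IKE Local Addr 192.0.2.5 IKE Peer Addr 198.51.100.10 IKE Source Port 500 "
    "Failure Point: Me Failure Reason: No policy configured "
    "Extra Status: Processed first (SA) payload Initiator. Delta Time 0 0x0 0x0",
]

FIELDS = {
    "mode": r"Mode:\s*(.+?)\s*Filter:",
    "local": r"IKE Local Addr\s+(\S+)",
    "peer": r"IKE Peer Addr\s+(\S+)",
    "failure_point": r"Failure Point:\s*(\S+)",
    "reason": r"Failure Reason:\s*(.+?)\s*Extra Status:",
    "role": r"Extra Status:.*?\b(Initiator|Responder)\b",
}

def parse_547(text):
    """Extract the fields above from one event description; missing fields are None."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.S)  # re.S: fields may be split across lines
        out[name] = m.group(1) if m else None
    return out

def unknown_peers(events, known=KNOWN_PEERS):
    """Count failed negotiations per (peer, Extra Status role) for peers outside the allowlist."""
    counts = Counter()
    for ev in map(parse_547, events):
        if ev["peer"] and ev["peer"] not in known:
            counts[(ev["peer"], ev["role"])] += 1
    return counts

if __name__ == "__main__":
    for (peer, role), n in unknown_peers(SAMPLE_EVENTS).items():
        print(f"{peer}: {n} failed negotiation(s), Extra Status role: {role}")
```

Feed it the description text of exported 547 events; the role token is worth comparing with the firewall log for the same timestamp to confirm which side opened the negotiation.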