|
zoro -> Strange Site to site VPN event ID (3.Jun.2008 4:07:25 PM)
|
Hi,
I've been having strange issue recently on one of my ISA's 2004 Std. It happens only on one of them and I can not get a clue what I'm doing wrong here, or if I am hacked???
There is no pattern, but from time to time, one ISA (they are both running on Win 2003 Std and ISA is with SP2) is trying to initiate VPN with unknown IPs, public ones. Sometimes it happens in timeframe of 10 days, but sometimes 2 times a day. Target IPs are spread throught the globe.
Both modes (Main and Quick) of course failed, since I have no affiliations to these IPs whatsover and my ISA is initiating traffic.
I have Site to Site tunnels from that ISA to 3 more remote sites and all looks OK, but this is really strange to me. I tried Google it, but no luck.
Event ID is 547:
Here is an example:
IKE security association negotiation failed.
Mode:
Key Exchange Mode (Main Mode)
Filter:
Source IP Address 82.35.x.xx
Source IP Address Mask 255.255.255.255
Destination IP Address 67.69.xx.xx
Destination IP Address Mask 255.255.255.255
Protocol 0
Source Port 0
Destination Port 0
IKE Local Addr 82.35.x.xx
IKE Peer Addr 67.69.xx.xx
IKE Source Port 4500
IKE Destination Port 0
Peer Private Addr
Peer Identity:
Certificate based Identity.
Peer Subject
Peer SHA Thumbprint 0000000000000000000000000000000000000000
Peer Issuing Certificate Authority
Root Certificate Authority
My Subject
My SHA Thumbprint 0000000000000000000000000000000000000000
Peer IP Address: 67.69.xx.xx
Failure Point:
Me
Failure Reason:
IKE authentication credentials are unacceptable
Extra Status:
Processed second (KE) payload
Responder. Delta Time 0
0x0 0x0
For more information, see Help and Support Center at
Why it would initiate connection randomly at all?
Does anoyone have an idea?
Thanks a lot,
zoro
|
|
|
|