ASA 5520 ASDM Syslog messages

Hello,

I'm seeing the ASDM syslog messages roll by with the following:

IP = <IP Address> Header invalid, missing SA payload! (next payload = 4)

I do have VPNs configured, one site-to-site and the other a regular one. Neither of those originate from the IP address mentioned.

I put that IP into a drop ACL at the beginning on the outside interface and it still keeps on coming.

Any idea on what this is and why it's happening? How do I stop it?

Thanks
Asked by: netcmh
1 Solution
 
TMekeel Commented:
Did you remove any VPNs?

Can you try clear crypto isakmp sa invalid ip address?

Edited because I typed the command incorrectly.

netcmh (Author) Commented:
When I issued that command, I got this:

Can't find a valid tunnel group, aborting...

I don't have that IP anywhere in my config.

TMekeel Commented:
Can you try rebooting the device and see if it persists?
 
netcmh (Author) Commented:
I could. It'll have to wait till maintenance window. Early next month.

Anything else I could try in the meantime?

TMekeel Commented:
The only thing I could think of is to reset the tunnel, but we tried clearing already, and you have an ACL to block inbound on the outside interface...not sure what else to do besides reboot or call TAC and ask!


Perhaps another Expert can chime in;  I'm sorry I don't know off the top of my head.  I will try some google-fu for you though and see if I can gain some knowledge to pass on.

netcmh (Author) Commented:
Got it figured out.

Did a reverse IP lookup. Found the company. Called them.

They had a vendor with that IP earlier. Got in touch with their infrastructure team, verified that the config belonged to the old vendor (who has now changed their IP), and had it removed.

The sessions stopped.

netcmh (Author) Commented:
This was the solution.
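
Added example, not part of the original thread: a small Python script that tallies the message quoted in the question by source address and reports senders that are not among your own tunnel peers, which is the list you would then trace back as the author did. The log layout is assumed to match the quoted message with a leading timestamp; the timestamps, the addresses (documentation ranges), CONFIGURED_PEERS and the function name are constructed for illustration.

```python
import ipaddress
import re

# Message text as quoted in the question; whatever precedes "IP =" is kept as a prefix.
MSG = re.compile(
    r"^(?P<prefix>.*?)IP = (?P<ip>[0-9.]+),? Header invalid, "
    r"missing SA payload! \(next payload = (?P<np>\d+)\)"
)

# Constructed sample log: timestamps and addresses are made up.
SAMPLE_LOG = """\
Mar 03 10:00:01 IP = 203.0.113.45 Header invalid, missing SA payload! (next payload = 4)
Mar 03 10:00:09 IP = 198.51.100.10 Header invalid, missing SA payload! (next payload = 4)
Mar 03 10:00:31 IP = 203.0.113.45 Header invalid, missing SA payload! (next payload = 4)
Mar 03 10:00:40 (unrelated message)
Mar 03 10:01:01 IP = 203.0.113.45 Header invalid, missing SA payload! (next payload = 4)
"""

# Assumption: the peer addresses of the tunnels you actually have configured.
CONFIGURED_PEERS = {"198.51.100.10"}

def unknown_ike_senders(log_text, configured_peers, min_hits=2):
    """Return (ip, count, first_seen, last_seen) for senders that are not configured peers."""
    peers = {ipaddress.ip_address(p) for p in configured_peers}
    seen = {}
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address field, skip the line
        if ip in peers:
            continue
        stamp = m.group("prefix").strip()
        rec = seen.setdefault(ip, {"count": 0, "first": stamp})
        rec["count"] += 1
        rec["last"] = stamp
    rows = [(str(ip), r["count"], r["first"], r["last"])
            for ip, r in seen.items() if r["count"] >= min_hits]
    return sorted(rows, key=lambda row: -row[1])

if __name__ == "__main__":
    for ip, count, first, last in unknown_ike_senders(SAMPLE_LOG, CONFIGURED_PEERS):
        print(f"{ip}: {count} messages, first '{first}', last '{last}'")
```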