[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

ASA 5520 ASDM Syslog messages

Posted on 2013-12-17
7
Medium Priority
?
659 Views
Last Modified: 2013-12-24
Hello,

I'm seeing the asdm syslog messages roll by with the following:

IP = <IP Address> Header invalid, missing SA payload! (next payload = 4)

I do have VPNs configured, one site-to-site and the other a regular one. Neither of those originate from the IP address mentioned.

I put that IP into a drop ACL at the begining on the outside interface and it still keeps on coming.

Any idea on what this is and why its happening? How do i stop it?

Thanks
0
Comment
Question by:netcmh
  • 4
  • 3
7 Comments
 
LVL 8

Expert Comment

by:TMekeel
ID: 39724479
Did you remove any VPNs?

Can you try clear crypto isakmp sa invalid ip address?

edited for I typed the command incorrectly....
0
 
LVL 21

Author Comment

by:netcmh
ID: 39724634
When I issued that command, I got this:

Can't find a valid tunnel group, aborting...

I don't have that IP anywhere in my config.
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39725053
Can you try rebooting the device and see if it persists?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
LVL 21

Author Comment

by:netcmh
ID: 39725072
I could. It'll have to wait till maintenance window. Early next month.

Anything else I could try in the mean while?
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39725576
The only thing I could think of is to reset the tunnel, but we tried clearing already, and you have an ACL to block inbound on the outside interface...not sure what else to do besides reboot or call TAC and ask!


Perhaps another Expert can chime in;  I'm sorry I don't know off the top of my head.  I will try some google-fu for you though and see if I can gain some knowledge to pass on.
0
 
LVL 21

Accepted Solution

by:
netcmh earned 0 total points
ID: 39729800
Got it figured out.

Did a reverse IP lookup. Found the company. Called them.

They had a vendor with that IP earlier. Got in touch with their infrastructure team, verified that the config belonged to the old vendor (who has now changed their IP), and had it removed.

The sessions stopped.
0
 
LVL 21

Author Closing Comment

by:netcmh
ID: 39737638
This was the solution.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question