cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2259
Views
5
Helpful
3
Replies

%ASA-3-751002 Username:DefaultL2LGroup IKEv2 No pre-shared key

loc.nguyen
Beginner
Beginner

Hi

 

We got a lot of below in the firewall's log file.  We don't have anything set up with the IP 40.119.7.190.  Do you know how to stop this?

 

May 03 2022 10:53:22: %ASA-3-751002: Local:216.xx.12.36:500 Remote:40.119.7.190:500 Username:DefaultL2LGroup IKEv2 No pre-shared key or trustpoint configured for self in tunnel group DefaultL2LGroup
May 03 2022 11:15:24: %ASA-3-751002: Local:216.xx.12.36:500 Remote:40.119.7.190:500 Username:DefaultL2LGroup IKEv2 No pre-shared key or trustpoint configured for self in tunnel group DefaultL2LGroup
May 03 2022 12:23:28: %ASA-3-751002: Local:216.xx.12.36:500 Remote:40.119.7.190:500 Username:DefaultL2LGroup IKEv2 No pre-shared key or trustpoint configured for self in tunnel group DefaultL2LGroup
May 03 2022 12:45:28: %ASA-3-751002: Local:216.xx.12.36:500 Remote:40.119.7.190:500 Username:DefaultL2LGroup IKEv2 No pre-s

1 Accepted Solution

Accepted Solutions

@loc.nguyen potentially someone has misconfigured their end of the VPN and attempting to establish a tunnel to your.

 

You could either configure a control-plane ACL on the ASA, block this IP address and permit all other IP addresses to establish a VPN tunnel to your ASA or Vice Versa (permit your known IP addresses and deny all others).

 

Alternatively block this source IP address on the upstream router using an ACL.

View solution in original post

3 Replies 3

@loc.nguyen potentially someone has misconfigured their end of the VPN and attempting to establish a tunnel to your.

 

You could either configure a control-plane ACL on the ASA, block this IP address and permit all other IP addresses to establish a VPN tunnel to your ASA or Vice Versa (permit your known IP addresses and deny all others).

 

Alternatively block this source IP address on the upstream router using an ACL.

Thanks

do you have any L2L IPSec VPN in ASA ? check if remote peer config any NAT recently.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: