Issues with blocking VPN Traffic on Cisco ASA5520

rzdziech
Level 1

Hardware Info:

Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 6.1(1)

ASA5520

 

Problem:

Hi Guys,

I am trying to block these VPN attempts to my VPN box, but for some reason I am not able to do it.

I have already blocked this IP on the outside interface in an ACL with protocol IP.

For some reason I still see this happening in my logs every few seconds.

I have read about control plane, but it looks like it might not be supported in my version?

Thanks for any help.

Group = 217.138.134.131, IP = 217.138.134.131, Error: Unable to remove PeerTblEntry

Group = 217.138.134.131, IP = 217.138.134.131, Removing peer from peer table failed, no match!

Group = 217.138.134.131, IP = 217.138.134.131, Can't find a valid tunnel group, aborting...!

1 Reply

Sheraz.Salim
VIP Alumni

Version 8.0(3) is an old version; consider doing an upgrade. Here is a sample config. Change according to your needs.

172.250.246.42 is the source (outside rogue IP) trying to connect to the ASA.

access-list cp-outside deny udp host 172.250.246.42 any eq 4500

access-list cp-outside deny udp host 172.250.246.42 any eq 500

access-list cp-outside deny esp host 172.250.246.42 any

Please do not forget to rate.
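
An added example, not part of the original thread or of Cisco's documentation: a Python script that tallies rejected peers from log lines in the format of the question's excerpt and renders control-plane ACL entries in the form the reply uses. The function names, the threshold, the trailing permit entry and the `access-group ... control-plane` binding to the `outside` interface are assumptions not shown in the thread, and the sample lines beyond the post's own messages are constructed.

```python
import ipaddress
import re
from collections import Counter

# Message-body format as it appears in the post's log excerpt.
LINE_RE = re.compile(r"Group = [^,]+, IP = (?P<ip>[^,]+), (?P<msg>.+)")
REJECT_MARK = "Can't find a valid tunnel group"  # text from the post's logs

# Constructed sample: the post's three messages repeated, plus invented lines.
SAMPLE = """\
Group = 217.138.134.131, IP = 217.138.134.131, Error: Unable to remove PeerTblEntry
Group = 217.138.134.131, IP = 217.138.134.131, Can't find a valid tunnel group, aborting...!
Group = 217.138.134.131, IP = 217.138.134.131, Removing peer from peer table failed, no match!
Group = 217.138.134.131, IP = 217.138.134.131, Can't find a valid tunnel group, aborting...!
Group = 203.0.113.9, IP = 203.0.113.9, Can't find a valid tunnel group, aborting...!
Group = bad, IP = not-an-ip, Can't find a valid tunnel group, aborting...!
"""

def rejected_peers(lines, threshold=2):
    """Peers with at least `threshold` failed tunnel-group lookups, sorted."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or REJECT_MARK not in m["msg"]:
            continue
        try:
            counts[ipaddress.IPv4Address(m["ip"].strip())] += 1
        except ValueError:
            continue  # skip garbled address fields
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def control_plane_acl(peers, acl="cp-outside", interface="outside"):
    """Render deny entries in the reply's form, then bind the ACL."""
    out = []
    for ip in peers:
        out += [f"access-list {acl} deny udp host {ip} any eq 500",
                f"access-list {acl} deny udp host {ip} any eq 4500",
                f"access-list {acl} deny esp host {ip} any"]
    if out:
        # Assumptions beyond the reply: permit the rest explicitly, and the
        # standard ASA binding that applies an ACL to to-the-box traffic.
        out.append(f"access-list {acl} permit ip any any")
        out.append(f"access-group {acl} in interface {interface} control-plane")
    return out

if __name__ == "__main__":
    print("\n".join(control_plane_acl(rejected_peers(SAMPLE.splitlines()))))
```

An ACL applied to an interface for through traffic does not filter IKE packets addressed to the ASA itself, which is why the generated entries are bound with the `control-plane` keyword.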