Hello, all.

I have two ASA's, each with Dual ISPs configured as well as redundant L2L VPN's. I don't have any issues with my L2L connections. On one ASA I see the following at all times when I run "show crypto isa":

Active SA: 1

    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)

Total IKE SA: 1

1   IKE Peer: x.x.x.x

    Type    : L2L             Role    : responder 

    Rekey   : no              State   : MM_ACTIVE 

However, on the other ASA I periodically see the following:

Active SA: 2

    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)

Total IKE SA: 2

1   IKE Peer: x.x.x.x

    Type    : L2L             Role    : responder 

    Rekey   : no              State   : MM_ACTIVE 

2   IKE Peer: 207.187.193.250

    Type    : user            Role    : responder 

    Rekey   : no              State   : MM_WAIT_MSG3

I have no idea who the 207.187.193.250 peer is. This user connection will appear, then disappear, as if someone is trying to connect to the wrong peer IP.  I've pinged 207.187.193.250 and got a response. I run a port-scan against that IP and get nothing. The IP seems to belong to a place in IL on domain adpasp.com. Again... I have no idea who this is.

Any help/suggestions would be appreciated. Any way to block the attempt from this IP all together??

Thanks.

--Nick