Hello, all.
I have two ASA's, each with Dual ISPs configured as well as redundant L2L VPN's. I don't have any issues with my L2L connections. On one ASA I see the following at all times when I run "show crypto isa":
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: x.x.x.x
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
However, on the other ASA I periodically see the following:
Active SA: 2
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 2
1 IKE Peer: x.x.x.x
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
2 IKE Peer: 207.187.193.250
Type : user Role : responder
Rekey : no State : MM_WAIT_MSG3
I have no idea who the 207.187.193.250 peer is. This user connection will appear, then disappear, as if someone is trying to connect to the wrong peer IP. I've pinged 207.187.193.250 and got a response. I run a port-scan against that IP and get nothing. The IP seems to belong to a place in IL on domain adpasp.com. Again... I have no idea who this is.
Any help/suggestions would be appreciated. Any way to block the attempt from this IP all together??
Thanks.
--Nick
