02-23-2021 07:25 AM
Hi
I have noticed thousands of requests coming from IPs to my RV340 UDP 500 with invalid requests.
I have tried to create a firewall rule to block this port for those IPs but it did not work.
The rule is applied but does not seem to have any effect.
I use site2site VPNs to 2 IPs and I want all other IPs to be blocked.
Is it possible to block these requests somehow?
Thanks
02-23-2021 16:19:56 Daemon.Info IP 1 2021-02-23T16:19:56+01:00 home charon - - [meta sequenceId="151"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:56 Daemon.Info IP 1 2021-02-23T16:19:56+01:00 home charon - - [meta sequenceId="150"] 03[ENC] header could not be parsed
02-23-2021 16:19:56 Daemon.Info IP 1 2021-02-23T16:19:56+01:00 home charon - - [meta sequenceId="149"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="148"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="147"] 03[ENC] header could not be parsed
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="146"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="145"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="144"] 03[ENC] header could not be parsed
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="143"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="142"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="141"] 03[ENC] header could not be parsed
02-23-2021 16:19:54 Daemon.Info IP 1 2021-02-23T16:19:54+01:00 home charon - - [meta sequenceId="140"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:53 Daemon.Info IP 1 2021-02-23T16:19:53+01:00 home charon - - [meta sequenceId="139"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:53 Daemon.Info IP 1 2021-02-23T16:19:53+01:00 home charon - - [meta sequenceId="138"] 03[ENC] header could not be parsed
02-23-2021 16:19:53 Daemon.Info IP 1 2021-02-23T16:19:53+01:00 home charon - - [meta sequenceId="137"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:52 Daemon.Info IP 1 2021-02-23T16:19:52+01:00 home charon - - [meta sequenceId="136"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:52 Daemon.Info IP 1 2021-02-23T16:19:52+01:00 home charon - - [meta sequenceId="135"] 03[ENC] header could not be parsed
02-23-2021 16:19:52 Daemon.Info IP 1 2021-02-23T16:19:52+01:00 home charon - - [meta sequenceId="134"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:51 Daemon.Info IP 1 2021-02-23T16:19:51+01:00 home charon - - [meta sequenceId="133"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:51 Daemon.Info IP 1 2021-02-23T16:19:51+01:00 home charon - - [meta sequenceId="132"] 03[ENC] header could not be parsed
02-23-2021 16:19:51 Daemon.Info IP 1 2021-02-23T16:19:51+01:00 home charon - - [meta sequenceId="131"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="130"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="129"] 03[ENC] header could not be parsed
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="128"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="127"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="126"] 03[ENC] header could not be parsed
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="125"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="124"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="123"] 03[ENC] header could not be parsed
02-23-2021 16:19:50 Daemon.Info IP 1 2021-02-23T16:19:50+01:00 home charon - - [meta sequenceId="122"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:49 Daemon.Info IP 1 2021-02-23T16:19:49+01:00 home charon - - [meta sequenceId="121"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:49 Daemon.Info IP 1 2021-02-23T16:19:49+01:00 home charon - - [meta sequenceId="120"] 03[ENC] header could not be parsed
02-23-2021 16:19:49 Daemon.Info IP 1 2021-02-23T16:19:49+01:00 home charon - - [meta sequenceId="119"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:49 Daemon.Info IP 1 2021-02-23T16:19:49+01:00 home charon - - [meta sequenceId="118"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:49 Daemon.Info IP 1 2021-02-23T16:19:49+01:00 home charon - - [meta sequenceId="117"] 03[ENC] header could not be parsed
02-23-2021 16:19:49 Daemon.Info IP 1 2021-02-23T16:19:49+01:00 home charon - - [meta sequenceId="116"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 16:19:47 Daemon.Info IP 1 2021-02-23T16:19:47+01:00 home charon - - [meta sequenceId="115"] 03[NET] received invalid IKE header from 43.248.189.2 - ignored
02-23-2021 16:19:47 Daemon.Info IP 1 2021-02-23T16:19:47+01:00 home charon - - [meta sequenceId="114"] 03[ENC] header could not be parsed
02-23-2021 16:19:47 Daemon.Info IP 1 2021-02-23T16:19:47+01:00 home charon - - [meta sequenceId="113"] 03[ENC] not enough input to parse rule 2 U_INT_8
02-23-2021 09:16 AM
What did your firewall rule(s) look like that you tried to block UDP 500?
02-23-2021 09:51 AM
02-23-2021 09:57 AM
This was applied inbound on your Internet facing address and it didn't break your site-to-site tunnels?
02-23-2021 10:06 AM
Correct - I still get incoming packages and my site2site VPNs to outside destinations still work.
So it seems it does not have any impact.
02-23-2021 10:10 AM
Try adding UDP 4500 to your block rule
02-23-2021 10:43 AM
I also added
IPSEC-UDP-ENCAP
UDP
4500
to a second deny rule - but still packages coming in from the outside world.
So the rules do not have any effect on ipsec ports.
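Added example, not part of any post in this thread: a small Python summary of charon log lines in the format posted above, counting "received invalid IKE header" events per source and marking whether each source is one of the configured site-to-site peers. The peer addresses (198.51.100.10, 198.51.100.20) and the extra source 203.0.113.7 are constructed placeholders; only 43.248.189.2 comes from the posted log.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Matches the [NET] line charon writes when a UDP 500 datagram is not valid IKE.
INVALID_IKE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})[+-]\d{2}:\d{2} \S+ charon .*"
    r"\[NET\] received invalid IKE header from (?P<src>\S+) - ignored")

def invalid_ike_sources(log_text, vpn_peers):
    """Per-source count and per-second peak of invalid IKE headers."""
    peers = {ip_address(p) for p in vpn_peers}
    total, per_second = Counter(), Counter()
    for line in log_text.splitlines():
        m = INVALID_IKE.search(line)
        if not m:
            continue  # [ENC] parser lines carry no source address
        src = ip_address(m["src"])
        total[src] += 1
        per_second[(src, m["ts"])] += 1
    report = []
    for src, count in total.most_common():
        peak = max(n for (s, _), n in per_second.items() if s == src)
        report.append({"source": str(src), "packets": count,
                       "peak_per_second": peak, "is_vpn_peer": src in peers})
    return report

# Constructed sample in the same layout as the log in the opening post.
_FMT = ('02-23-2021 {t} Daemon.Info IP 1 2021-02-23T{t}+01:00 home charon - - '
        '[meta sequenceId="{n}"] 03{msg}')
_NET = "[NET] received invalid IKE header from {ip} - ignored"
SAMPLE_LOG = "\n".join([
    _FMT.format(t="16:19:56", n=151, msg=_NET.format(ip="43.248.189.2")),
    _FMT.format(t="16:19:56", n=150, msg="[ENC] header could not be parsed"),
    _FMT.format(t="16:19:54", n=148, msg=_NET.format(ip="43.248.189.2")),
    _FMT.format(t="16:19:54", n=145, msg=_NET.format(ip="43.248.189.2")),
    _FMT.format(t="16:19:54", n=142, msg=_NET.format(ip="43.248.189.2")),
    _FMT.format(t="16:19:53", n=139, msg=_NET.format(ip="203.0.113.7")),
    _FMT.format(t="16:19:52", n=136, msg=_NET.format(ip="198.51.100.10")),
])
VPN_PEERS = ["198.51.100.10", "198.51.100.20"]  # hypothetical tunnel endpoints

if __name__ == "__main__":
    for row in invalid_ike_sources(SAMPLE_LOG, VPN_PEERS):
        print(row)
```

A source with `is_vpn_peer` set to true points at a problem on a configured tunnel rather than at unsolicited traffic, so the two cases are worth separating before changing any rule.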