We have an ACL applied to an ingress/egress interface of one of our routers (no redundancy, so only one way in and one way out).
We are NOT trying to block any traffic; this is more of a research task.
We notice we continually get hits on the ISAKMP line, but when viewing the logs we do not see ISAKMP (udp 500) hits, nor do we see any additional attempt to go to IPsec - yet.
:
:
:
ACL:
ip access-list extended TT
permit udp any any eq isakmp log-input (45000 matches)
permit esp any any log-input
permit ahp any any log-input
permit udp any any eq non500-isakmp log-input
permit ip any any (534500443 matches)
:
:
:
LOG:
Repeated lines such as:
May 18 13:21:37: %SEC-6-IPACCESSLOGP: list TT permitted udp 10.10.20.1(0) (TenGigabitEthernet1/1 MAC) -> 10.8.1.30(0)
:
:
:
Any ideas or suggestions?
Thanks
Frank