ASA 5505 is reporting lots of 402120 message - Cisco Community

450

Views

0

Helpful

2

Replies

We have 2 ASA 5505 located in head office (173.212.xxx.xxx) and remote site (50.34.xxx.xxx) and site-to-site VPN has been established between them.everything is fine but the ASA in head office keeps reporting below 402120 syslog message.

4 Jan 02 2013 12:30:34 402120 50.34.xxx.xxx 173.212.xxx.xxxIPSEC: Received an ESP packet (SPI= 0x384E1C57, sequence number= 0x2AE77) from 50.34.xxx.xxx(user= <remote username>) to 173.212.xxx.xxx that failed authentication.

Even though, VPN tunnel is not dropped.

Does anyone have an idea?

2 Replies 2

Is the 50.34.xxx.xxx address something other than your peer's address?

If so, I would guess that someone has tried unsuccessfully to setup a remote access VPN using some of the info from the site-site (L2L) VPN. Since they aren't setup as a remote access VPN user they fail to authenticate.

Thanks Marvin,

But 50.34.xxx.xxx is the peer's address. VPN is working fine but ASA (173.212.xxx.xxx) keeps reporting 402120, especially when there is traffic on VPN tunnel.

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community