IPSec VPN Remote Peer Address

grantsewell
Level 1

I've been using an ASA 5505 -- ASA 9.1(1) -- with an IPSec Remote Access VPN. Everything works properly, though I recently noticed that when my IPSec session is disconnected, I get the standard message ID 113019, but within that message the Peer IP address is incorrect. In fact, it isn't even close to my actual remote address. Here's a sample message, IP obfuscated:

4          Mar 06 2013          15:26:51                                                            Group = group, Username = joe, IP = 15.16.17.18, Session disconnected. Session Type: IPsec, Duration: 0h:00m:11s, Bytes xmt: 73888, Bytes rcv: 43876, Reason: User Requested

When I first researched the IP, I found it coming from China, which freaked me out. I changed settings, rolled back to 9.0(1), and nothing worked. Finally I rebooted, reconnected the VPN, and the IP changed. This time it was an address from RIPE NIC. I rebooted again, now an address from ARIN in the USA. One more reboot, now a random Comcast residential address.

Within that boot cycle, the peer address always stays the same. I've connected from different devices, different IPs, different ISPs - nothing matters. Additionally, there are no firewall logs for these IP addresses at all.

TLDR: ASA Remote Access VPN peer addresses in disconnect message are incorrect and change at reboot.

So my question is, where is my ASA getting these addresses and what is going on?
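A triage sketch for the symptom described in the question, added here as an example and not part of the original thread or any Cisco tooling: it parses disconnect lines in the layout quoted above and lists peer IPs that were logged for several different usernames. The sample lines, the `min_users` threshold and the function names are assumptions; a shared NAT egress address also matches, so a hit is a prompt to check, not proof.

```python
import re
from collections import defaultdict

# Field layout of the disconnect message body as quoted in the post above.
DISCONNECT_RE = re.compile(
    r"Group = (?P<group>[^,]+), Username = (?P<user>[^,]+), "
    r"IP = (?P<ip>\d{1,3}(?:\.\d{1,3}){3}), Session disconnected\. "
    r"Session Type: (?P<type>[^,]+), Duration: (?P<duration>[^,]+), "
    r"Bytes xmt: (?P<xmt>\d+), Bytes rcv: (?P<rcv>\d+), "
    r"Reason: (?P<reason>.+?)\s*$"
)

# Constructed sample lines (documentation address ranges, made-up users).
SAMPLE = [
    "4 Mar 06 2013 15:26:51 Group = group, Username = joe, IP = 203.0.113.77, Session disconnected. Session Type: IPsec, Duration: 0h:00m:11s, Bytes xmt: 73888, Bytes rcv: 43876, Reason: User Requested",
    "4 Mar 06 2013 15:41:02 Group = group, Username = ann, IP = 203.0.113.77, Session disconnected. Session Type: IPsec, Duration: 0h:12m:40s, Bytes xmt: 1200, Bytes rcv: 900, Reason: Idle Timeout",
    "4 Mar 06 2013 16:03:19 Group = group, Username = bob, IP = 203.0.113.77, Session disconnected. Session Type: IPsec, Duration: 1h:02m:05s, Bytes xmt: 50211, Bytes rcv: 47100, Reason: User Requested",
    "4 Mar 07 2013 09:10:44 Group = group, Username = carol, IP = 198.51.100.9, Session disconnected. Session Type: IPsec, Duration: 0h:05m:00s, Bytes xmt: 10, Bytes rcv: 20, Reason: User Requested",
    "6 Mar 07 2013 09:11:00 unrelated line that does not match the layout",
]


def parse_disconnects(lines):
    """Return one dict per line that matches the disconnect layout."""
    records = []
    for line in lines:
        m = DISCONNECT_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["xmt"], rec["rcv"] = int(rec["xmt"]), int(rec["rcv"])
            records.append(rec)
    return records


def shared_peer_ips(records, min_users=3):
    """Peer IPs logged for at least min_users distinct usernames."""
    users_by_ip = defaultdict(set)
    for rec in records:
        users_by_ip[rec["ip"]].add(rec["user"])
    return {ip: sorted(u) for ip, u in users_by_ip.items() if len(u) >= min_users}


if __name__ == "__main__":
    for ip, users in shared_peer_ips(parse_disconnects(SAMPLE)).items():
        print(f"{ip} logged as peer for {len(users)} users: {', '.join(users)}")
```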

Accepted Solutions

Marcin Latosiewicz
Cisco Employee

Grant,

We've had something similar reported recently:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCub72545

If you're running 9.1.1 and still facing the same problem - you might need to open up a TAC case.

M.

3 Replies

Julio Carvajal
VIP Alumni

Hello Grant,

Here is the bug ID: CSCub72545

Fixed-in: 8.4(5), 9.1(1)

Remember to rate all of the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Sounds like according to this post:

https://supportforums.cisco.com/thread/2192866

Fix will be available in 9.1(2). Thanks!
