03-06-2013 12:37 PM - edited 02-21-2020 06:44 PM
I've been using an ASA 5505 -- ASA 9.1(1) -- with an IPSec Remote Access VPN. Everything works properly, though I recently noticed that when my IPSec session is disconnected, I get the standard message ID 113019, but within that message the Peer IP address is incorrect. In fact, it isn't even close to my actual remote address. Here's a sample message, IP obfuscated:
4 Mar 06 2013 15:26:51 Group = group, Username = joe, IP = 15.16.17.18, Session disconnected. Session Type: IPsec, Duration: 0h:00m:11s, Bytes xmt: 73888, Bytes rcv: 43876, Reason: User Requested
When I first researched the IP, I found it coming from China, which freaked me out. I changed settings, rolled back to 9.0(1), and nothing worked. Finally I rebooted, reconnected the VPN, and the IP changed. This time it was an address from RIPE NIC. I rebooted again, now an address from ARIN in the USA. One more reboot, now a random Comcast residential address.
Within that boot cycle, the peer address always stays the same. I've connected from different devices, different IPs, different ISPs - nothing matters. Additionally, there are no firewall logs for these IP addresses at all.
TLDR: ASA Remote Access VPN peer addresses in disconnect message are incorrect and change at reboot.
So my question is, where is my ASA getting these addresses and what is going on?
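A way to check disconnect records for the symptom described in the post above, as an added example that is not part of the original thread: it parses the 113019 field layout shown in the sample message and lists peer IPs that never appeared as a real client source. The function names, the `known_client_ips` input and every sample line except the first are assumptions made for this example.

```python
import re
from collections import defaultdict

# Field layout taken from the 113019 sample message quoted in the post.
MSG_113019 = re.compile(
    r"Group = (?P<group>[^,]+), Username = (?P<user>[^,]+), "
    r"IP = (?P<ip>[0-9.]+), Session disconnected\. "
    r"Session Type: (?P<type>[^,]+), Duration: (?P<duration>[^,]+), "
    r"Bytes xmt: (?P<xmt>\d+), Bytes rcv: (?P<rcv>\d+), Reason: (?P<reason>.+)$"
)

def parse_disconnects(lines):
    """Return one dict per line that matches the disconnect layout."""
    return [m.groupdict() for m in map(MSG_113019.search, lines) if m]

def suspect_peer_ips(lines, known_client_ips):
    """Map each unexplained peer IP to the usernames reported with it.

    known_client_ips is supplied by the caller (assumption: gathered from
    connection logs or from the clients' own public addresses).
    """
    suspects = defaultdict(set)
    for rec in parse_disconnects(lines):
        if rec["ip"] not in known_client_ips:
            suspects[rec["ip"]].add(rec["user"])
    return {ip: sorted(users) for ip, users in suspects.items()}

# First line is the sample from the post; the other two are constructed.
SAMPLE = [
    "4 Mar 06 2013 15:26:51 Group = group, Username = joe, IP = 15.16.17.18, "
    "Session disconnected. Session Type: IPsec, Duration: 0h:00m:11s, "
    "Bytes xmt: 73888, Bytes rcv: 43876, Reason: User Requested",
    "4 Mar 06 2013 16:02:10 Group = group, Username = ann, IP = 15.16.17.18, "
    "Session disconnected. Session Type: IPsec, Duration: 0h:12m:40s, "
    "Bytes xmt: 1200, Bytes rcv: 900, Reason: Idle Timeout",
    "4 Mar 06 2013 16:30:00 Group = group, Username = bob, IP = 198.51.100.7, "
    "Session disconnected. Session Type: IPsec, Duration: 0h:01m:00s, "
    "Bytes xmt: 10, Bytes rcv: 20, Reason: User Requested",
]
KNOWN = {"198.51.100.7", "203.0.113.20"}  # constructed client source addresses

if __name__ == "__main__":
    for ip, users in suspect_peer_ips(SAMPLE, KNOWN).items():
        print(f"peer IP {ip} not seen as a client source; users: {users}")
```

One unexplained address shared by unrelated users and sessions matches the behaviour described in the post; an address tied to a single user is worth checking against connection logs first.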
03-06-2013 01:06 PM
Grant,
We've had something similar reported recently:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCub72545
If you're running 9.1.1 and still facing the same problem - you might need to open up a TAC case.
M.
03-06-2013 01:03 PM
Hello Grant,
Here is the bug ID: CSCub72545
8.4(5)
9.1(1)
Remember to rate all of the helpful posts
03-06-2013 01:20 PM
Sounds like according to this post:
https://supportforums.cisco.com/thread/2192866
Fix will be available in 9.1(2). Thanks!