Dear all,
we are recently working with a RV042 router, with VPN group tunnel (connectig using shrew VPN). Last days the router was logging a few disconnections like this ("[XXX]" text replaced for security reasons)
Dec 9 17:02:58 2014 XXX VPN Log: (grpips0)[72] [XXX].[XXX].[XXX].0/24=== ...113.240.173.58===?: [Tunnel Disconnected] instance with peer 113.240.173.58 {isakmp=#0/ipsec=#0}
But NO RELATED "connections" (apart from our own controled connection/disconnection) were reported previously. Is this a security issue/breach?
(The foreign IP was left clear so if anyone knows about that particular IP, can make a comment.)
What I do not understand is:
- router logs a disconnection without a previous connection
- no other activity is detected on the VPN (perhaps only spying?)
- when I disconnect, two logs are generated (in order of appearance)
-
Dec [xxx] [xxx]:[xxx]:[xxx] 2014 3EFF-3196 VPN Log: (grpips0)[73] 192.168.2.0/24=== ...[xxx].[xxx].[xxx].[xxx]===?: [Tunnel Disconnected] instance with peer [xxx].[xxx].[xxx].[xxx]{isakmp=#0/ipsec=#0}
Dec [xxx] [xxx]:[xxx]:[xxx]2014 3EFF-3196 VPN Log: (grpips0)[73] [xxx].[xxx].[xxx].0/24=== ...[xxx].[xxx].[xxx].[xxx]===? #220: [Tunnel Established] ISAKMP SA established
- when foreign IP disconnects, only one is generated (e.g. whitout #220)
Does this have an explanation?
Thanks in advance. Regards, Juan.