
RV042 reports tunnel disconnection without connection for foreign IP, Security issue?

ts
Level 1

Dear all,

We have recently been working with an RV042 router, with a VPN group tunnel (connecting using Shrew VPN). In the last few days the router has been logging a few disconnections like this ("[XXX]" text replaced for security reasons):

 

Dec  9 17:02:58 2014 XXX VPN Log: (grpips0)[72] [XXX].[XXX].[XXX].0/24=== ...113.240.173.58===?: [Tunnel Disconnected] instance with peer 113.240.173.58 {isakmp=#0/ipsec=#0}

But NO RELATED "connections" (apart from our own controlled connection/disconnection) were reported previously. Is this a security issue/breach?

(The foreign IP was left in the clear so that anyone who knows about that particular IP can comment.)

 

What I do not understand is:

  • router logs a disconnection without a previous connection
  • no other activity is detected on the VPN (perhaps only spying?)
  • when I disconnect, two logs are generated (in order of appearance)
    • Dec [xxx] [xxx]:[xxx]:[xxx] 2014 3EFF-3196 VPN Log: (grpips0)[73] 192.168.2.0/24=== ...[xxx].[xxx].[xxx].[xxx]===?: [Tunnel Disconnected] instance with peer [xxx].[xxx].[xxx].[xxx]{isakmp=#0/ipsec=#0}
      Dec [xxx] [xxx]:[xxx]:[xxx]2014 3EFF-3196 VPN Log: (grpips0)[73] [xxx].[xxx].[xxx].0/24=== ...[xxx].[xxx].[xxx].[xxx]===? #220: [Tunnel Established] ISAKMP SA established
      
  • when the foreign IP disconnects, only one is generated (e.g. without #220)

Does this have an explanation?

 

 

Thanks in advance. Regards, Juan.
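An added example, not part of the original post and not vendor tooling: a triage script for the pattern described above, listing peers that have a `[Tunnel Disconnected]` line but no `[Tunnel Established]` line anywhere in the exported log. The check is order-independent because the post shows the two lines in either order. The sample lines are constructed from the format quoted in the post; the hostname `RTR` and the documentation-range addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the log format quoted in the post.
# Hostname "RTR" and the addresses (documentation ranges) are assumptions.
SAMPLE_LOG = """\
Dec  9 16:40:11 2014 RTR VPN Log: (grpips0)[71] 192.168.2.0/24=== ...198.51.100.7===? #219: [Tunnel Established] ISAKMP SA established
Dec  9 16:55:02 2014 RTR VPN Log: (grpips0)[71] 192.168.2.0/24=== ...198.51.100.7===?: [Tunnel Disconnected] instance with peer 198.51.100.7 {isakmp=#0/ipsec=#0}
Dec  9 17:02:58 2014 RTR VPN Log: (grpips0)[72] 192.168.2.0/24=== ...203.0.113.58===?: [Tunnel Disconnected] instance with peer 203.0.113.58 {isakmp=#0/ipsec=#0}
Dec  9 17:30:00 2014 RTR System Log: unrelated line
"""

# Timestamp, then the peer between "..." and "===?", then the bracketed event.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d+:\d+:\d+\s+\d{4})\s.*?VPN Log:.*?"
    r"\.\.\.(?P<peer>\S+?)===\?.*?"
    r"\[(?P<event>Tunnel Established|Tunnel Disconnected)\]"
)


def parse_events(log_text):
    """Return (timestamp, peer, event) for every VPN tunnel line; skip the rest."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((m["ts"], m["peer"], m["event"]))
    return events


def unmatched_disconnects(log_text):
    """Map each peer with disconnects but no establishment to its timestamps."""
    established = set()
    disconnects = defaultdict(list)
    for ts, peer, event in parse_events(log_text):
        if event == "Tunnel Established":
            established.add(peer)
        else:
            disconnects[peer].append(ts)
    return {p: t for p, t in disconnects.items() if p not in established}


if __name__ == "__main__":
    for peer, stamps in unmatched_disconnects(SAMPLE_LOG).items():
        print(f"{peer}: {len(stamps)} disconnect(s), no establishment logged: {stamps}")
```

The output is a list of peers to review against the addresses of known VPN clients; it does not by itself say what the router was doing when it wrote the line.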

1 Reply 1

ts
Level 1

Any clue if this is a real security breach to be concerned about?

 

Can somebody explain to me what the 2 tunnel disconnections (from tunnels created by me) are?

 

Thanks in advance. Juan.