Event ID - ASA-4-402115

Message CodeASA-4-402115
SeverityWarning
DescriptionIPSEC: Received a packet from remote_IP to local_IP containing act_prot data instead of exp_prot data.
ExplanationThis message is displayed when an IPSec packet is received that is missing the expected ESP header. The peer is sending packets that do not match the negotiated security policy. This may indicate an attack. This message is rate limited to no more than one message every five seconds.
  • remote_IP—IP address of the remote endpoint of the tunnel.
  • local_IP—IP address of the local endpoint of the tunnel.
  • act_prot—Received IPSec protocol.
  • exp_prot—Expected IPSec protocol
User ActionContact the administrator of the peer.
Reference Links

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh