Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IPSEC Replay 2

Status
Not open for further replies.
mjbarry

mjbarry

IS-IT--Management
Mar 14, 2006
2
0
0
US
Hello everyone...

I've got a question about a log notification that just started popping up on a Sonicwall 2040 that I manage.
(IPSEC Replay Detected)

Setup: Main office has 2040, 9 remote offices all have Site to Site VPN tunnels using either SOHO3's or TZ-170's.
1 remote office is using a Global VPN client (it's a temporary location). This particular site is using a Sprint Air card for internet access, and this is where the problem is rearing it's ugly head.

I'm getting bunches of "IPSEC Replay Detected" messages in the log recently. Everything had been running fine up until this point, and no changes had been made.

It's only happening on the Global VPN client, the client is the latest (3.1.0.556) and I just updated the firmware on the Pro 2040 at the main office to 3.1.0.15-95s (Standard OS).

Like I said, I updated the firmware, but I also disabled Dead Peer Detection and had no luck solving this.

Does anyone have any idea how to fix this?

Thanks!

Mike

 
Sort by date Sort by votes
Hi Mike Welcome to our forum. There are talented and knowledge people here that can help you with your SonicWALL Firewalls. Feel free to ask questiions here anytime. Must times you will get a quick response.

Ok now to answer your concern. The "IPSEC Relay Detected" is not a error but a notification that someone in Internet land is trying to establish a VPN Tunnel with your firewall. Fortunatly your SonicWALL is configured correctly and it is blocking this and alerting you. Now unfortunatly there is nothing you can do to stop this, because the hackers are running automated scripts that attack VPN tunnels they detect. The are hoping for the "Sucker that is born every minute", luckily that is not you. hehe

So kiss your firewall and buy it some flowers for working so good, because if they was able to establish a tunnel your whole network would have been under siege.



Roger White CISSP, CISA, CISM, GSEC
Certified SonicWALL Instructor
Certified Security Architect and Auditor
Network Security Team
Invenio Technology
(212)244-4994 ext. 715
(917)326-0386
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

TECHMAN007
  • Locked
  • Question
L2TP over IPSEC with PAP
Replies
0
Views
42
TECHMAN007
TECHMAN007
normntwrk
  • Locked
  • Question
Anyconnect and "old" IPSec vpn
Replies
2
Views
55
normntwrk
normntwrk
tbierl
  • Locked
  • Question
Cisco ASA IPSec Spoof Detected
Replies
2
Views
111
burtsbees
burtsbees
J001
  • Locked
  • Question
Configuring ASA IPSEC Tunnels
Replies
4
Views
23
J001
J001
jbober14
  • Locked
  • Question
IPSec VPN Issues
Replies
3
Views
44
jbober14
jbober14

Part and Inventory Search

Sponsor

Back
Top