Junos
Showing results for 
Search instead for 
Do you mean 
Reply
Visitor
Posts: 1
Registered: ‎04-18-2017
0 Kudos

Request IKE IPSEC from strange IP address

Hi Guys,

the first time i working with SRX and have some issue

My SRX has been request IKE from very much strange IP address . what is happen, this is action of hacker ? Pls guide resolve this one

 

 

Apr 18 14:51:25  srx-a kmd[1693]: IKE negotiation failed with error: IKE gateway configuration lookup failed during negotiation. IKE Version: 1, VPN: Not-Available Gateway: Not-Available, Local: xxx.xxx.xxx.xxx/500, Remote: 112.220.235.82/500, Local IKE-ID: Not-Available, Remote IKE-ID: Not-Available, VR-ID: 0: Role: Responder
Apr 18 14:51:53  srx-a kmd[1693]: IKE negotiation failed with error: IKE gateway configuration lookup failed during negotiation. IKE Version: 1, VPN: Not-Available Gateway: Not-Available, Local: xxx.xxx.xxx.xxx/500, Remote: 112.220.235.82/500, Local IKE-ID: Not-Available, Remote IKE-ID: Not-Available, VR-ID: 0: Role: Responder
Apr 18 14:53:54  srx-a last message repeated 4 times
Apr 18 14:59:53  srx-a last message repeated 12 times
Apr 18 15:00:25  srx-a kmd[1693]: IKE negotiation failed with error: IKE gateway configuration lookup failed during negotiation. IKE Version: 1, VPN: Not-Available Gateway: Not-Available, Local: xxx.xxx.xxx.xxx/500, Remote: 112.220.235.82/500, Local IKE-ID: Not-Available, Remote IKE-ID: Not-Available, VR-ID: 0: Role: Responder
Apr 18 15:00:54  srx-a kmd[1693]: IKE negotiation failed with error: IKE gateway configuration lookup failed during negotiation. IKE Version: 1, VPN: Not-Available Gateway: Not-Available, Local: xxx.xxx.xxx.xxx/500, Remote: 112.220.235.82/500, Local IKE-ID: Not-Available, Remote IKE-ID: Not-Available, VR-ID: 0: Role: Responder

Thanks so much !

 

Highlighted
Distinguished Expert
Posts: 4,873
Registered: ‎03-30-2009
0 Kudos

Re: Request IKE IPSEC from strange IP address

Possibly, the message simply means that the remote address is trying to create a VPN with your SRX.  But your SRX is rejecting the attempt because you do not have that address configured as a valid VPN partner.

 

This could be someone trying to gain illicit access or simply a typo on someones part.

 

You could look up the ip address in IP Who Is and send a request to the associated Abuse contact requesting that they stop the activity as it is not wanted.

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home
Distinguished Expert
Posts: 2,207
Registered: ‎08-21-2009
0 Kudos

Re: Request IKE IPSEC from strange IP address

Hello,

This website allows You to find out the geographical location for a given IP

https://www.maxmind.com/en/home

According to it, 112.220.235.82 is in South Korea.

If You or Your company has no business in/with S.Korea then highly likely someone is probing Your SRX for UDP port 500.

And You could see more probes for different TCP|UDP ports - if You have logging enabled for denied sessions. 

HTH

Thx

Alex

 

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !