cancel
Showing results for 
Search instead for 
Did you mean: 

IPSec VPN log suspicious activity

KG49
Star III

My IPSec VPN System Log has a lot of activity. I was just setting it up today after registering the DDNS for the first time on this new router after releasing it from an old router. I did have this VPN selected on with all of the settings entered. The following log entries are just the latest from today. Can anyone tell what is going on here? Looks like access attempts to me. I replaced my IP with xx in the following.

Thanks

Nov 1 03:50:08 07[NET] received packet: from 71.6.134.234[59525] to 72.xx.xxx.xxx[500] (296 bytes)
Nov 1 03:50:08 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No ]
Nov 1 03:50:08 07[IKE] 71.6.134.234 is initiating an IKE_SA
Nov 1 03:50:08 07[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov 1 03:50:08 07[IKE] sending cert request for "C=TW, O=ASUS, CN=ASUS RT-AX86U Root CA"
Nov 1 03:50:08 07[ENC] generating IKE_SA_INIT response 0 [ SA KE No CERTREQ N(CHDLESS_SUP) N(MULT_AUTH) V ]
Nov 1 03:50:08 07[NET] sending packet: from 72.xx.xxx.xxx[500] to 71.6.134.234[59525] (309 bytes)
Nov 1 03:50:38 05[JOB] deleting half open IKE_SA with 71.6.134.234 after timeout

3 REPLIES 3

jzchen
Rising Star II

You’ll have to forgive me for lack of experience with VPNs in general, but I found this looking up “IKE_SA”.  Up front I suspect the VPN is looking for your old router/catching that this is a different router.  May need to update the VPN somehow with your new router, similar to DDNS.

https://help.stonesoft.com/onlinehelp/StoneGate/SMC/6.7.0/GUID-3C7F5153-F297-441C-8C58-6E8F37261763.....

Aureliannn_ASUS
Moderator
Moderator

Hi @KG49 ,

based on your issue, 

may I ask could you provide the router model?

Have you make sure that the firmware is at the latest version?

In order to better assist you, can you submit a feedback form Web GUI (http://www.asusrouter.com).
1.Connect your device to your router and log in to Web GUI(http://www.asusrouter.com)
2.Find “Administration,” and tap “Feedback”
3.Fill in your region, email (required field), ASUS Service No./Case No.(not required),Select the feedback problem and description.You can also write down comments/suggestions. More details might help us to analyze the issue you have encountered in a faster and more efficient way.
4.Read the agreement and click “I agree.”
5.Tap “Send” to submit your feedback.
Then provide the product serial number, the time of submitting the issue report, the email used for filling out the issue report, and the time when the issue occurred via private message.

At the same time, we will forward the logs you provided to the relevant team for further investigation. If there are any updates, we will inform you.

Thank you.

KG49
Star III

Aureliannn_ASUS, I sent the feedback as requested.

This router is RT-AX86U Pro with firmware  3.0.0.4.388_23565-g3d79d4e