IPSec Spoof Detected error on VPN route

Similar Messages

• Error Message : Drop-reason: (ipsec-spoof) IPSEC Spoof detected

  Hi,
  When i run a Packet tracer in PIX, getting a below output:
  Result:
  input-interface: outside_interface
  input-status: up
  input-line-status: up
  output-interface: mpls_interface
  output-status: up
  output-line-status: up
  Action: drop
  Drop-reason: (ipsec-spoof) IPSEC Spoof detected
  Please help me to fix this issue.

  Hi,
  To my understanding you are trying to emulate VPN/Encrypted traffic from the PIX firewalls outside interface and therefore the PIX drops the traffic (because its supposed to be encrypted traffic arriving on a VPN connection to the PIX)
  If you are testing a L2L VPN connection on the PIX, do the test in the other direction. From IN -> OUT
  This should already bring the VPN tunnel up even though no actual traffic is generated to the tunnel.
  - Jouni

• IPSEC Spoof detected

  Hi Jazib,
  May i ask you a question? I face an unsolved issue. After i tested using packet-tracer, below is the results;
  Result:
  input-interface: outside
  input-status: up
  input-line-status: up
  output-interface: outside
  output-status: up
  output-line-status: up
  Action: drop
  Drop-reason: (ipsec-spoof) IPSEC Spoof detected
  But when trying on "inside", it successful.
  Let me draws out my issue;
  server <-connect-> pix <-connect-> router <-> pix <-connect-> user
  ipsec is between the outside leg of 2 pix fws
  server using port 80,443 and 2000.
  I encountered problem in access web services using 2000. It is ok for 80 and 443.
  In pix, using packet-tracer. All 3 ports results are same. Me ipsec configuration is simple one. end to end.
  Do you know what go wrong? Really appreciate for your advise and help.
  Thank you.

  IPSEC Spoof detected:
  This counter will increment when the security appliance receives a packet which should have been encrypted but was not. The packet matched the inner header security policy check of a configured and established IPSec connection on the security appliance but was received unencrypted. This is a security issue.
  Recommendation: Analyze your network traffic to determine the source of the spoofed IPSec traffic.
  Refer the following URL for more information on syslog message related to "IPSEC Spoof detected" being the reason for drop:
  http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4772700

• PIX 501 and Linksys VPN Router (WRV200)

  I have inherited a job where we have a Cisco PIX 501 firewall at one site, and Linksys WRV200 VPN Router on two other
  sites. I have been asked to connect these Linksys routers to the PIX firewall via VPN.
  I believe the Linksys vpn routers can only connect via IPSec VPN, so i am looking for help on configuring the PIX 501 to allow the linksys to connect with the following parameters, if possible.
  Key Exchange Method: Auto (IKE)
  Encryption: Auto, 3DES, AES128, AES192, AES256
  Authentication: MD5
  Pre-Shared Key: xxx
  PFS: Enabled/Disabled
  ISAKMP Key Lifetime: 28800
  IPSec Key Lifetime: 3600
  On the PIX i have the PDM installed and i have tried using the VPN Wizard to no avail.
  I chose the following settings when doing the VPN Wizard:
  Type of VPN: Remote Access VPN
  Interface: Outside
  Type of VPN Client Device used: Cisco VPN Client
  (can choose Cisco VPN 3000 Client, MS Windows Client using PPTP, MS Windows client using L2TP)
  VPN Client Group
  Group Name: RabyEstates
  Pre Shared Key: rabytest
  Extended Client Authentication: Disabled
  Address Pool
  Pool Name: VPN-LAN
  Range Start: 192.168.2.200
  Range End: 192.168.2.250
  DNS/WINS/Default Domain: None
  IKE Policy
  Encryption: 3DES
  Authentication: MD5
  DH Group: Group 2 (1024-bit)
  Transform Set
  Encryption: 3DES
  Authentication: MD5
  I have attached the VPN log from the Linksys VPN Router.
  This is the first time i've ever worked with PIX so i'm still trying to figure the thing out, but i'm confident with CCNA level networking.
  Thanks for your help!

  Hi again,
  I believe the pix has a 3des license because of the following parts of the "show version"
  Licensed Features:
  Failover: Disabled
  VPN-DES: Enabled
  VPN-3DES-AES: Enabled
  This PIX has a Restricted (R) license.
  I've tried reconnecting the VPN tunnel with debugging on the PIX and get the output as shown in the attached file "vpndebug.txt"
  As for the other show commands they give:
  pixfirewall# show crypto isakmp sa
  Total : 0
  Embryonic : 0
  dst src state pending created
  pixfirewall# show crypto ipsec sa
  interface: outside
  Crypto map tag: transam, local addr. 10.0.0.1
  local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
  remote ident (addr/mask/prot/port): (192.168.101.0/255.255.255.0/0/0)
  current_peer: 10.0.0.2:0
  PERMIT, flags={origin_is_acl,}
  #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
  #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
  #pkts compressed: 0, #pkts decompressed: 0
  #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
  #send errors 0, #recv errors 0
  local crypto endpt.: 10.0.0.1, remote crypto endpt.: 10.0.0.2
  path mtu 1500, ipsec overhead 0, media mtu 1500
  current outbound spi: 0
  inbound esp sas:
  inbound ah sas:
  inbound pcp sas:
  outbound esp sas:
  outbound ah sas:
  outbound pcp sas:
  pixfirewall#
  Thanks again Daniel, i really appreciate your help on this matter.

• First time vpn router

                     First time with a vpn router and need advice getting everything running with my current vpn provider.
  router: 887vag vdsl2/adsl2+ POTS with 3g.
  question: Do i need to flash the router with dd-wrt?
  Are there any step by step guides you can give for this
  thnx

  Hi again,
  I believe the pix has a 3des license because of the following parts of the "show version"
  Licensed Features:
  Failover: Disabled
  VPN-DES: Enabled
  VPN-3DES-AES: Enabled
  This PIX has a Restricted (R) license.
  I've tried reconnecting the VPN tunnel with debugging on the PIX and get the output as shown in the attached file "vpndebug.txt"
  As for the other show commands they give:
  pixfirewall# show crypto isakmp sa
  Total : 0
  Embryonic : 0
  dst src state pending created
  pixfirewall# show crypto ipsec sa
  interface: outside
  Crypto map tag: transam, local addr. 10.0.0.1
  local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
  remote ident (addr/mask/prot/port): (192.168.101.0/255.255.255.0/0/0)
  current_peer: 10.0.0.2:0
  PERMIT, flags={origin_is_acl,}
  #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
  #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
  #pkts compressed: 0, #pkts decompressed: 0
  #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
  #send errors 0, #recv errors 0
  local crypto endpt.: 10.0.0.1, remote crypto endpt.: 10.0.0.2
  path mtu 1500, ipsec overhead 0, media mtu 1500
  current outbound spi: 0
  inbound esp sas:
  inbound ah sas:
  inbound pcp sas:
  outbound esp sas:
  outbound ah sas:
  outbound pcp sas:
  pixfirewall#
  Thanks again Daniel, i really appreciate your help on this matter.

• Error 442 vpn adapter failed

  i am sitting in lan
  getting nat through firewall and try to connect vpn client but it is showing error 442 vpn adapter failed ,a cisco vpn adapter is showing in pc.
  thanks

  Hi,
  Can you uninstall/reinstall the Cisco IPsec VPN client software on this machine?
  Federico.

• Internet stops with PPTP VPN connections to ASUS RT-N66U VPN Router

  I have a client with a small office network that has a few people working remotely from Windows 7 and 8 PCs. As an inexpensive solution the client opted to use a VPN router (ASUS RT-N66U) that supports PPTP so remote users could access the shared
  files and SQL DB server. 
  The VPN connectivity for one client was working fine and then stopped working altogether so when the VPN connection is established all Internet and VPN access is stopped. This was especially troubling for me since I work remotely and cannot test or debug after
  the VPN session has been connected. I checked the error logs and found nothing. Also there had been no new programs installed. And finally, I ran a full system antivirus scan with no issues found.
  In case you are facing a similar issue, before trying something remotely that may not work, use the shutdown with reboot command in a COMMAND window and set a timer for something like 3 minutes to reboot in case you get stuck. (e.g. shutdown -r -t 180). 
  Problem: The two symptoms of the VPN connection failure are:
  1) All Internet browsing stops working locally 
  2) No data can pass through the VPN tunnel
  I created a virtual machine on my local network and replicated the client's environment. I experimented with nearly every setting in the VPN dialogue until and came to the final solution. 
  Solution: For the VPN adapter on the remote machines I configured DNS settings and used the remote as the default gateway.
  * VPN adapter Networking IPV4 Properties for:
  - DNS server 1: Main Office VPN Router IP Address
  - DNS server 2: A public DNS server (Google is 8.8.8.8)
  - I also checked the box to "register this connection addresses in DNS"
  Note: Perhaps the local router would also have worked and DNS2 but I didn't test it.
  I have documented this because after reading and searching among many Technical articles and the Microsoft support website, I was unable to find the solution that I came up with so I hope to help someone else. 
  Question1: - Can anyone tell me why the connectivity only works when 'use default gateway on remote network' is checked?
  - I have disabled this option with some business class VPN routers and the connectivity still worked to the remote network but it does not work to the Asus router.
  Question2: From the information provided can I determine where the problem lies?
  Is it the:
  1) Remote client PC
  2) Remote client router
  3) Home office VPN router (Asus RT-N66U)
  If the true culprit cannot be determined yet, what steps do you recommend so I can isolate the true cause of the failure.
  I appreciate any help so that I can be sure my solution is valid and pass along the findings to ASUS if it is their issue.

  Thank you for the suggestion. I have successfully connected through the VPN router when the one client was unable to get VPN throughput working.
  I looked at the routing tables with and without the VPN connection established. The differences are that:
  1) when VPN is NOT active, there is a route from the local NIC IP to the Internet IP address of the local gateway
  destination 68.109.82.xx
  mask 255.255.255.0
  gateway 192.168.0.1
  interface 192.168.0.11
  metric 21
  2) when VPN IS active, the route to the Internet IP address of the local gateway is deleted and a persistent route to the VPN router local network has been added
  Persistent route:
  destination 192.168.21.0
  mask 255.255.255.0
  gateway 192.168.0.1
  interface 192.168.0.11
  metric 1

• Fix for ORA-00060: Deadlock detected errors

  Hello APEX community,
  in the last days we are hitting more and more frequent the ORA-00060: Deadlock detected error in one of our applications. Logged an SR with Oracle Support but so far not too much help, except pointing to some older bugs:
  Bug 6618662: APEX APPEARS TO BE CAUSING DEADLOCK - CASE COLLECTION or Bug 7587013: INSERTING AND DELETING WWV_FLOW_DATA CAUSES DEADLOCK, which do not look at all appealing as the first bug was logged in Nov 2007 and the resolution was delayed from version 3.1, to 4.0 and even to 4.1, while de second was logged in Nov 2008 and not much happened with it.
  I am curious how many other users are hitting the same issue and which workarounds found for the problem. For example yesterday I could see 12 such errors in my log, today already 3.
  Florin

  Hi John,
  here it is: http://www.moyersoen.be/auction/1442/ or http://www.moyersoen.be/pls/apex/f?p=2008:11:0::::P11_AUCTION_ID:1442. Normally the page response time is < 0.20, but from time to time it goes up to more than 20 seconds and at those times I can see also the ORA-00060: Deadlock detected errors.
  Looks like the users are clicking twice refresh for that page. I am trying now to build a testcase that reproduce the issue easily.
  Florin

• Error in back routing Error in communication channel

  Hi Friends,
    I am sending the Idoc from ECC250 to ECC150 using XI, whenever I am sending the Idoc, I got this error Error in back routing Error in communication channel in SXMB_MONI.
  In IDX2 also I got this error I:000.
  Please suggest me how to resolve this issue.
  Regards,
  Shalini Shah

  Did you cross checked all the configurations are in Place.?
  I understand that the idoc has been received from ECC250 ,Are able to see the payload (i.e idoc )
  in SXMB_MONI ?
  IS configuration steps like
  Receiver determination,
  Interface determination
  are correct?
  Rajesh

• Error on ICM router

  Dear All,
  We are running icm 7.2.4. from last couple of days we have started getting these errors on our router process. following are the errors that we are getting
  11:30:24 rb-rtr Translation route timeout for controller ABC_VRUPG8 (ID 5007), route TR1_IVRCallBack.24 (ID 5158).
  11:30:29 rb-rtr Translation route timeout for controller ABC_VRUPG8 (ID 5007), route TR1_IVRCallBack.45 (ID 5179).
  11:33:00 rb-rtr Unknown Admin Script result code (15)
  if anyone could guide me where and how to start troubleshooting this error i would be thankful. by the way we have not received any complains from the call center yet.

  Check the logs in the PG involved. In your case, ABC_VRUPG8 (ID 5007), route TR1_IVRCallBack.24 (ID 5158).
  The DNIS and Network Target ID associated with the failing route. This information is
  located in the Peripheral Target table located in Configure ICM.
  Scripts and Versions using the translation route(s)
  -Sunil

• Preflight detected errors - overset text (1)

  Hi
  I have copied / pasted text from a Word document and tried 2 ways to place it in my InDesign CS6 document
  (1) putting copied text into a prepared text box
  (2) using the 'text box' that 'came with' the copied text (enlarged to fit area)
  each time the dreaded 'red box with a + ' sign inside appears on the rt. side of the 'finalised' text
  and 1 error shows at the bottom which is the Preflight detected error - overset text
  I have loads of other text in my document but none copied/pasted
  Writing the text manually into the document is not an option in this case
  Do I have to format it somehow? I would really appreciate a really simple A-Z step answer for this old gal
  cheers  - any help will really stop my hair from greying any further Lou

  Does the text contain special glyphs that require a font with Maori support? Id not then you can edit the styles to change the font (or, on the strong probability that the Word file doen't really use styles, you can use Find Font to replace it). if you do need Maori support, you should install a font that supports it, like Arial Maori, on the computer. ID uses any fonts installed normally for the OS (presuming they are not really badly made) or that are located in the private Adobe or InDesign fonts folders.

• Switchport module within 1800 VPN router

  Hi Folks,
  I have a Cisco 1801 VPN router (using PPPoA) which I currently have one PC attached to the Fe0 port which in turn picks up a DHCP address from the local pool within the router.
  I am now planning to add a few more PC?s to the site and I was looking to use the extra 8 switchports available on the router.
  Up until now I have been using a 2950 switch and hanging it off the Fe0 port so that I can also extend the subnet.
  When I try to plug a PC into the extra switchports no DHCP address is obtained. From what I can tell I will have to create a VLAN on the router to assign the switchports too. However when I do this I am unable to extend the subnet from the Fe0 port onto the switch module as I receive a ?Subnet already in use? message from the CLI.
  Thanks for your help
  Kris

  I think your are connecting to the wrong switch.
  This URL should help you:
  http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca75c.html

• [svn:bz-trunk] 21394: bug fix for watson 2887837 Not getting duplicate session detected error when same flex client id is used from two different HTTP sessions in CRX .

  Revision: 21394
  Revision: 21394
  Author:   [email protected]
  Date:     2011-06-16 12:34:13 -0700 (Thu, 16 Jun 2011)
  Log Message:
  bug fix for watson 2887837 Not getting duplicate session detected error when same flex client id is used from two different HTTP sessions in CRX.
  get the sessions id before we invalidate the duplicate session.
  Checkintests pass
  Modified Paths:
      blazeds/trunk/modules/core/src/flex/messaging/endpoints/BaseHTTPEndpoint.java

  For our profect I think this issue was caused as follows:
  Believing that remoting was full asynchronous we fired a 2 or 3 remote calls to the server at the same time ( within the same function ) - usually when the users goes to a new section of the app.
  This seemed to trigger the duplicate http session error since according to http://blogs.adobe.com/lin/2011/05/duplication-session-error.html  two remote calls arriving before a session is created will cause 2 sessions to be created.
  Our current solution ( too early to say it works ) is to daisy chain the multiple calls together .
  Also there seemed to be an issue where mobile apps that never quit ( thanks Apple! )  caused the error when activated after a few hours.
  I guess the session expires on the server and the error above occurs on activation.
  So the mobile apps now ping the server with a remote call when activated after sleeping for more than one hour.
  All duplicate http errors are silently caught and reported.
  Fingers crossed we won't get any more!

• T-code CO01 to create Production order:error message "No routing found"?

  I use t-code CO01 to create Production order.At the first screen I select material 72 and plant HJW1 .At the Header creen,I input the data in the General tab and press return but the sap show the error message "No routing found".But I have create the routing for the material 72 and plant HJW1.I don't know why the sap found no routing.So my question was how to found the reason about why the sap can not found the routing and how to resolve this problem.Thank you.

  Hi,
  Probably you would have created the routing today, with valid from todays date. But the order you are creating may be with start date in past and system is not able to find and valid routing for the day.
  I would suggest you to remove both the Basic "Start" and "End" and change the scheduling type to "Current date Scheduling", now enter. If system still not finding the routing, use the function "Read PP Master data".
  Regards,
  Prasobh

• How to make a VPN route permanent ?

  I have a VPN between my office and a lab on the east coast and I can use the following command from my Terminal to enable the route in my Leopard Server:
  route add -net 10.48.239.0 -netmask 255.255.255.0 192.168.1.254
  How can I make this a permanent route? At this time if I reboot the server I must get into the Terminal and use the following two lines to make everything work again:
  sudo su
  route add -net 10.48.239.0 -netmask 255.255.255.0 192.168.1.254
  Thanks for any information any of you may have.
  By the way within 6 months I will be doing the same task on a new Snow Leopard Server so if there are differences please feel free to chime in.

  If you're having to manually set VPN routes then you're doing something wrong.
  It isn't clear from your post where you're doing this. You say you set this 'in my Leopard Server', but it's not clear whether that server is the VPN server on the east coast, a server in your office, or another server anywhere else.
  Normally, the VPN server sends out a list of routes the client should use, so knowing the above will help narrow down where your problem lies.