
This discussion has been locked.

Couldn't parse IKE message

Can anyone tell me how I can stop this from happening?

The IP address is from Ukraine and has nothing to do with this connection or s2s, so I am a bit worried it's some sort of attempted hack on port 500.

I've put a block (drop) on the IP incoming but that's not stopped it.

Cheers



  • Hi PeteH,

    I would recommend using the drop rule to avoid being probed by any unwanted source.

    You may also refer to the following options.

    Configure a blackhole DNAT FW rule and put it on the bottom rule of the VPN allow rule (but on the VPN allow rule, you must specify the IP of the users that they commonly use) and let the deny any-any blackhole DNAT serve as a deny-all for any unwanted attempt.

    Or configure the blackhole DNAT rule and put the malicious IPs on the source of the rule, then put it on top of the FW allow rule for VPN.

    Erick Jan
    Community Support Engineer | Sophos Technical Support

  • I followed the instructions on your previous link, so my FW and NAT rules look like this.

    Which bits need changing?