Hi,
One of my machines is seeing a continous stream of NAT-T keepalive probes for which we have no state (and for which we had no state for days or weeks or ever). These always seem to come in sets of 3 probes at once, every 20 seconds. And oddly enough on port 500, not 4500. Containing the 1 byte 0xFF NAT-Keepalive payload. Currently offending IPs are: 87.236.232.253, 46.34.71.246 and 64.115.92.187. Small pcap entry attached. Has oneone experienced these before? Is this a known bad device? Or am I just special? :) Paul _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
