Is anyone else seeing a lot of 'strange' IPSEC traffic? We started seeing logs
of IPSEC with invalid spi on Friday. We're seeing it on pretty much all of our
PE routers, none of which are setup to do anything VPN related. Most are just
routing local customer traffic.
decaps: rec'd IPSEC packet has invalid spi for destaddr=X.X.X.X, prot=50,
spi=0x9D2D0000(2636972032), srcaddr=211.112.195.167, input
interface=TenGigabitEthernet0/0/11
decaps: rec'd IPSEC packet has invalid spi for destaddr=Y.Y.Y.Y, prot=50,
spi=0x14690000(342425600), srcaddr=74.116.56.244, input
interface=TenGigabitEthernet0/0/5
The destination address is always one of our customer's ip addresses. The
source seems to be all over the place, mostly Russia, Korea, China or south
east asia. It's not really impacting anything at the moment, just rather
annoying.
Thanks
Shawn
