Network Policy Server VPN authentication weird ip address

Announcer
Getting noticed

Network Policy Server VPN authentication weird ip address

All my clients who vpn in are authenticated also through our Network Policy Server.  When I look in the event viewer, all the requests have an NAS ipv4 of 6.233.169.224 address.  Is this something from Meraki?  When I look it up it is an address in Colorado.  Should I be concerned about this?6.233.pngvpn2.png

5 REPLIES 5
Nash
Kind of a big deal

I took a quick look at the NPS logs for a client of mine. Their requests also originate from a 6.0.0.0/8 IP address. I'd be willing to bet that this is due to communication with the Meraki cloud but I have no proof.

jdsilva
Kind of a big deal

For some reason I've yet to determine, Meraki devices (not sure which, but many for sure) seem to use a 6. address internally for "something". 

 

What I can't figure out is why they're using IP's in a range owned by the US Army Intelligence and Security Command. 

 

Yes, that's right, Meraki devices appear to be hardcoded with an IP owned by a US intelligence service. 

 

image.png

 

 

image.png

kYutobi
Kind of a big deal

@jdsilva 

😲

jdsilva
Kind of a big deal

I have an MV72 that displays this behavior too. I have both the wired and wireless interfaces active on it, and it generates IP conflicts from time to time. I never posted about it here, or opened a case, but I did throw it out to the Twitterverse to for comments.

 

https://twitter.com/jdsilva/status/1118719991036010496

 

 

Announcer
Getting noticed

Seems like I've opened up a can of worms!  I guess I'm not being hacked and it's ok for now.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels