GEN:SID 1:2043
Message MISC isakmp login failed
Summary This event is generated when an attempt is made to exploit a known
vulnerability in the Internet Security Association and Key Management
Protocol (ISAKMP).

Impact Unknown.
Detailed Information ISAKMP is a framework for authentication using cryptographic keys. It
specifically defines the process of key exchange as opposed to the
generation of a cryptographic key.

ISAKMP also details the procedures for the required security
associations in network security services.

This event indicates that a key exchange using ISAKMP failed.
Affected Systems All systems using cryptographic key exchange as an authentication
method.
Attack Scenarios The attacker may have a store of keys associated with valid users and
may attempt to authenticate using a combination of username and key.
Ease of Attack Simple
Corrective Action Ensure that key exchanges are only allowed between trusted hosts.

Check log files for disallowed login attempts.
Additional References ISAKMP:
http://www.networksorcery.com/enp/protocol/isakmp.htm

RFC:
http://www.ietf.org/rfc/rfc2407.txt
http://www.ietf.org/rfc/rfc2408.txt

IANA:
http://www.iana.org/assignments/isakmp-registry