No Natching SA

Unanswered Question

We have several clients unable to connect with NO visible error at the client.

At the ASA log the following error (713904|||IP =, Received encrypted packet with no matching SA, dropping) appears.

Each client is attempting to connect with a Verizon DSL line using client version 5. They are able to ping the ASA, but when attemptng to establish a connection the client set idle until it just stops attempting to connect. Each client is able to connect from other locations.

Any thoughts?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dirkmelvin Thu, 10/30/2008 - 09:48

I am getting this error with the latest client and with the previous one too, but I only see this error when the client has been connected and working. From end-user input it seems like around 13 minutes and it drops their connection.

These users all connect via laptop using ALLTEL cards. I have had an IT person connect one of the laptops directly to her network (outside of the ASA5505) and it still drops around the 13 minute mark according to her.

IP = (outside IP of VPN client not IP assigned by ASA), Received encrypted packet with no matching SA, dropping

craig.eyre Fri, 12/19/2008 - 15:19

Hi Dirk,

Did you resolve this issue? If so, what was the fix.


dirkmelvin Mon, 12/22/2008 - 11:59

I have not resolved this issue. But I disagree with the post before mine, because if there was a key mismatch they wouldn't have connected in the first place. These are happening when someone has been connected for minutes even hours then all of a sudden it gives that error and they lose the ability to see things on the network, and eventually disconnect all together.


This Discussion