VPN

Unanswered Question
Sep 12th, 2007

Hi,


Can someone describe to me what the send & receive errors in the SH CRYPTO IPSEC SA output mean?


Please help me...


interface: outside
Crypto map tag: VPNmap, local addr. 68.167.103.90

local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.166.2.0/255.255.255.0/0/0)
current_peer: 68.164.17.54:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 383172, #pkts encrypt: 383172, #pkts digest 383172
#pkts decaps: 394111, #pkts decrypt: 394111, #pkts verify 394111
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 1863, #recv errors 0

local crypto endpt.: 68.167.103.90, remote crypto endpt.: 68.164.17.54
path mtu 1500, ipsec overhead 56, media mtu 1500
current outbound spi: 5d01a410

inbound esp sas:
spi: 0xd47b3826(3564845094)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 9, crypto map: VPNmap
sa timing: remaining key lifetime (k/sec): (4607995/7878)
IV size: 8 bytes
replay detection support: Y

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0x5d01a410(1560388624)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 10, crypto map: VPNmap
sa timing: remaining key lifetime (k/sec): (4607996/7878)
IV size: 8 bytes
replay detection support: Y

outbound ah sas:

outbound pcp sas:


local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.166.5.0/255.255.255.0/0/0)
current_peer: 64.253.52.54:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 97, #pkts encrypt: 97, #pkts digest 97
#pkts decaps: 90, #pkts decrypt: 90, #pkts verify 90
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 8, #recv errors 0

local crypto endpt.: 68.167.103.90, remote crypto endpt.: 64.253.52.54
path mtu 1500, ipsec overhead 56, media mtu 1500
current outbound spi: 0

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:


local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.166.4.0/255.255.255.0/0/0)
current_peer: 66.208.223.56:4500
PERMIT, flags={origin_is_acl,transport_parent,}
#pkts encaps: 588, #pkts encrypt: 588, #pkts digest 588
#pkts decaps: 468, #pkts decrypt: 468, #pkts verify 468
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 12, #recv errors 0

local crypto endpt.: 68.167.103.90, remote crypto endpt.: 66.208.223.56
path mtu 1500, ipsec overhead 64, media mtu 1500
current outbound spi: 0

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:


local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.166.7.0/255.255.255.0/0/0)
current_peer: 64.253.63.126:0
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 68.167.103.90, remote crypto endpt.: 64.253.63.126
path mtu 1500, ipsec overhead 0, media mtu 1500
current outbound spi: 0





mattiaseriksson Wed, 09/12/2007 - 10:40

Hi, normally the send errors counter increments when the local side has packets to send over the tunnel, but fails to establish an IPsec SA.
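
The reply above ties the send errors counter to packets that had to be sent while no IPsec SA could be established. As an added example (not part of the original thread), this Python code parses `show crypto ipsec sa` output and labels each entry by whether its send errors coincide with a zero outbound SPI. The function names and labels are assumptions of this example, as is reading "current outbound spi: 0" as "no outbound SA right now"; the sample is trimmed from the output posted in the question.

```python
import re

# Sample trimmed from the "show crypto ipsec sa" output posted in the question.
SAMPLE = """\
local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.166.2.0/255.255.255.0/0/0)
current_peer: 68.164.17.54:500
#pkts encaps: 383172, #pkts encrypt: 383172, #pkts digest 383172
#send errors 1863, #recv errors 0
current outbound spi: 5d01a410
local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.166.5.0/255.255.255.0/0/0)
current_peer: 64.253.52.54:500
#pkts encaps: 97, #pkts encrypt: 97, #pkts digest 97
#send errors 8, #recv errors 0
current outbound spi: 0
"""

FIELDS = {
    "remote": re.compile(r"remote ident .*?:\s*\(([\d.]+/[\d.]+)/"),
    "peer": re.compile(r"current_peer:\s*([\d.]+)"),
    "encaps": re.compile(r"#pkts encaps:\s*(\d+)"),
    "send_errors": re.compile(r"#send errors\s+(\d+)"),
    "recv_errors": re.compile(r"#recv errors\s+(\d+)"),
    "outbound_spi": re.compile(r"current outbound spi:\s*([0-9a-fA-F]+)"),
}

def parse_ipsec_sa(text):
    """Split the output into one dict per 'local ident' entry."""
    entries = []
    for block in re.split(r"(?=local ident )", text):
        if not block.startswith("local ident"):
            continue  # skips the interface / crypto map header
        entry = {}
        for name, rx in FIELDS.items():
            m = rx.search(block)
            if m:
                entry[name] = m.group(1)
        for key in ("encaps", "send_errors", "recv_errors"):
            entry[key] = int(entry.get(key, 0))
        entries.append(entry)
    return entries

def classify(entry):
    """Label an entry by send errors and whether an outbound SA exists now."""
    sa_up = int(entry.get("outbound_spi", "0"), 16) != 0
    if entry["send_errors"] == 0:
        return "clean"
    return "errors-sa-up" if sa_up else "errors-no-sa"
```

Running `classify` over snapshots taken a few minutes apart shows whether the counter grows only while an entry is in the `errors-no-sa` state, which is the pattern the reply describes.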



Kmageshkumar Fri, 09/14/2007 - 02:37

Hi,


Thanks for your reply. I am able to establish the tunnel and have the packets exchanged, but the tunnel suddenly goes down and it does not come up when we initiate traffic from either side, but it comes up after some time by itself. We were not able to figure out why it's happening; the only problem I could see is the send & receive errors getting incremented in the "SH CRYPTO IPSEC SA" output. Please guide me on this.

mattiaseriksson Fri, 09/14/2007 - 23:27

Hi, you need to provide some more information: attach a sanitized configuration and the output from debug crypto isakmp and debug crypto ipsec when the tunnel is not coming up.

Kmageshkumar Sat, 09/15/2007 - 20:59

Hi,


I will share the debug info when the tunnel goes down.
