VPN

Unanswered Question
Sep 12th, 2007

Hi,

Can someone describe me what does send & receive errors in the SH CRYPTO IPSEC SA output mean?

Please help me...

interface: outside

Crypto map tag: VPNmap, local addr. 68.167.103.90

local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (192.166.2.0/255.255.255.0/0/0)

current_peer: 68.164.17.54:500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 383172, #pkts encrypt: 383172, #pkts digest 383172

#pkts decaps: 394111, #pkts decrypt: 394111, #pkts verify 394111

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0

#send errors 1863, #recv errors 0

local crypto endpt.: 68.167.103.90, remote crypto endpt.: 68.164.17.54

path mtu 1500, ipsec overhead 56, media mtu 1500

current outbound spi: 5d01a410

inbound esp sas:

spi: 0xd47b3826(3564845094)

transform: esp-des esp-md5-hmac ,

in use settings ={Tunnel, }

slot: 0, conn id: 9, crypto map: VPNmap

sa timing: remaining key lifetime (k/sec): (4607995/7878)

IV size: 8 bytes

replay detection support: Y

inbound ah sas:

inbound pcp sas:

outbound esp sas:

spi: 0x5d01a410(1560388624)

transform: esp-des esp-md5-hmac ,

in use settings ={Tunnel, }

slot: 0, conn id: 10, crypto map: VPNmap

sa timing: remaining key lifetime (k/sec): (4607996/7878)

IV size: 8 bytes

replay detection support: Y

outbound ah sas:

outbound pcp sas:

local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (192.166.5.0/255.255.255.0/0/0)

current_peer: 64.253.52.54:500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 97, #pkts encrypt: 97, #pkts digest 97

#pkts decaps: 90, #pkts decrypt: 90, #pkts verify 90

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0

#send errors 8, #recv errors 0

local crypto endpt.: 68.167.103.90, remote crypto endpt.: 64.253.52.54

path mtu 1500, ipsec overhead 56, media mtu 1500

current outbound spi: 0

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (192.166.4.0/255.255.255.0/0/0)

current_peer: 66.208.223.56:4500

PERMIT, flags={origin_is_acl,transport_parent,}

#pkts encaps: 588, #pkts encrypt: 588, #pkts digest 588

#pkts decaps: 468, #pkts decrypt: 468, #pkts verify 468

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0

#send errors 12, #recv errors 0

local crypto endpt.: 68.167.103.90, remote crypto endpt.: 66.208.223.56

path mtu 1500, ipsec overhead 64, media mtu 1500

current outbound spi: 0

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (192.166.7.0/255.255.255.0/0/0)

current_peer: 64.253.63.126:0

PERMIT, flags={origin_is_acl,}

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0

#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0

#send errors 0, #recv errors 0

local crypto endpt.: 68.167.103.90, remote crypto endpt.: 64.253.63.126

path mtu 1500, ipsec overhead 0, media mtu 1500

current outbound spi: 0

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mattiaseriksson Wed, 09/12/2007 - 10:40

Hi, normally the send errors counter increment when the local side have packets to send over the tunnel, but fail to establish an ipsec sa.

Kmageshkumar Fri, 09/14/2007 - 02:37

Hi,

Thanks for your Reply.I am able to establish the tunnel & have the packets exchanged,but the tunnel suddenly goes down and it not coming up when we intiate trffic from either side,but it's coming UP after sometime by itself , we were not able to figure out why its happening,only problem i could see is send & Receive errors getting incremented in the "SH CRYPTO IPSEC SA " output.please guide me in this

mattiaseriksson Fri, 09/14/2007 - 23:27

Hi you need to provide some more information, attach a sanitized configuration and the output from debug crypto isakmp and debug crypto ipsec when the tunnel is not coming up.

Actions

This Discussion