09-12-2007 07:11 AM
Hi,
Can someone describe me what does send & receive errors in the SH CRYPTO IPSEC SA output mean?
Please help me...
interface: outside
Crypto map tag: VPNmap, local addr. 68.167.103.90
local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.166.2.0/255.255.255.0/0/0)
current_peer: 68.164.17.54:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 383172, #pkts encrypt: 383172, #pkts digest 383172
#pkts decaps: 394111, #pkts decrypt: 394111, #pkts verify 394111
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 1863, #recv errors 0
local crypto endpt.: 68.167.103.90, remote crypto endpt.: 68.164.17.54
path mtu 1500, ipsec overhead 56, media mtu 1500
current outbound spi: 5d01a410
inbound esp sas:
spi: 0xd47b3826(3564845094)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 9, crypto map: VPNmap
sa timing: remaining key lifetime (k/sec): (4607995/7878)
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x5d01a410(1560388624)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 10, crypto map: VPNmap
sa timing: remaining key lifetime (k/sec): (4607996/7878)
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.166.5.0/255.255.255.0/0/0)
current_peer: 64.253.52.54:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 97, #pkts encrypt: 97, #pkts digest 97
#pkts decaps: 90, #pkts decrypt: 90, #pkts verify 90
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 8, #recv errors 0
local crypto endpt.: 68.167.103.90, remote crypto endpt.: 64.253.52.54
path mtu 1500, ipsec overhead 56, media mtu 1500
current outbound spi: 0
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.166.4.0/255.255.255.0/0/0)
current_peer: 66.208.223.56:4500
PERMIT, flags={origin_is_acl,transport_parent,}
#pkts encaps: 588, #pkts encrypt: 588, #pkts digest 588
#pkts decaps: 468, #pkts decrypt: 468, #pkts verify 468
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 12, #recv errors 0
local crypto endpt.: 68.167.103.90, remote crypto endpt.: 66.208.223.56
path mtu 1500, ipsec overhead 64, media mtu 1500
current outbound spi: 0
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.166.7.0/255.255.255.0/0/0)
current_peer: 64.253.63.126:0
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 68.167.103.90, remote crypto endpt.: 64.253.63.126
path mtu 1500, ipsec overhead 0, media mtu 1500
current outbound spi: 0
09-12-2007 10:40 AM
Hi, normally the send errors counter increment when the local side have packets to send over the tunnel, but fail to establish an ipsec sa.
09-14-2007 02:37 AM
Hi,
Thanks for your Reply.I am able to establish the tunnel & have the packets exchanged,but the tunnel suddenly goes down and it not coming up when we intiate trffic from either side,but it's coming UP after sometime by itself , we were not able to figure out why its happening,only problem i could see is send & Receive errors getting incremented in the "SH CRYPTO IPSEC SA " output.please guide me in this
09-14-2007 11:27 PM
Hi you need to provide some more information, attach a sanitized configuration and the output from debug crypto isakmp and debug crypto ipsec when the tunnel is not coming up.
09-15-2007 08:59 PM
Hi,
I will share the debug info ,when the tunnel goes down.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide