Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
652
Views
0
Helpful
4
Replies

VPN

Kmageshkumar
Level 1
Level 1

‎09-12-2007 07:11 AM

Hi,

Can someone describe me what does send & receive errors in the SH CRYPTO IPSEC SA output mean?

Please help me...

interface: outside

Crypto map tag: VPNmap, local addr. 68.167.103.90

local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (192.166.2.0/255.255.255.0/0/0)

current_peer: 68.164.17.54:500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 383172, #pkts encrypt: 383172, #pkts digest 383172

#pkts decaps: 394111, #pkts decrypt: 394111, #pkts verify 394111

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0

#send errors 1863, #recv errors 0

local crypto endpt.: 68.167.103.90, remote crypto endpt.: 68.164.17.54

path mtu 1500, ipsec overhead 56, media mtu 1500

current outbound spi: 5d01a410

inbound esp sas:

spi: 0xd47b3826(3564845094)

transform: esp-des esp-md5-hmac ,

in use settings ={Tunnel, }

slot: 0, conn id: 9, crypto map: VPNmap

sa timing: remaining key lifetime (k/sec): (4607995/7878)

IV size: 8 bytes

replay detection support: Y

inbound ah sas:

inbound pcp sas:

outbound esp sas:

spi: 0x5d01a410(1560388624)

transform: esp-des esp-md5-hmac ,

in use settings ={Tunnel, }

slot: 0, conn id: 10, crypto map: VPNmap

sa timing: remaining key lifetime (k/sec): (4607996/7878)

IV size: 8 bytes

replay detection support: Y

outbound ah sas:

outbound pcp sas:

local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (192.166.5.0/255.255.255.0/0/0)

current_peer: 64.253.52.54:500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 97, #pkts encrypt: 97, #pkts digest 97

#pkts decaps: 90, #pkts decrypt: 90, #pkts verify 90

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0

#send errors 8, #recv errors 0

local crypto endpt.: 68.167.103.90, remote crypto endpt.: 64.253.52.54

path mtu 1500, ipsec overhead 56, media mtu 1500

current outbound spi: 0

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (192.166.4.0/255.255.255.0/0/0)

current_peer: 66.208.223.56:4500

PERMIT, flags={origin_is_acl,transport_parent,}

#pkts encaps: 588, #pkts encrypt: 588, #pkts digest 588

#pkts decaps: 468, #pkts decrypt: 468, #pkts verify 468

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0

#send errors 12, #recv errors 0

local crypto endpt.: 68.167.103.90, remote crypto endpt.: 66.208.223.56

path mtu 1500, ipsec overhead 64, media mtu 1500

current outbound spi: 0

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

local ident (addr/mask/prot/port): (192.166.1.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (192.166.7.0/255.255.255.0/0/0)

current_peer: 64.253.63.126:0

PERMIT, flags={origin_is_acl,}

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0

#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0

#send errors 0, #recv errors 0

local crypto endpt.: 68.167.103.90, remote crypto endpt.: 64.253.63.126

path mtu 1500, ipsec overhead 0, media mtu 1500

current outbound spi: 0

Labels:
0 Helpful
4 Replies 4

mattiaseriksson
Level 3
Level 3

‎09-12-2007 10:40 AM

Hi, normally the send errors counter increment when the local side have packets to send over the tunnel, but fail to establish an ipsec sa.

0 Helpful

Kmageshkumar
Level 1
Level 1
In response to mattiaseriksson

‎09-14-2007 02:37 AM

Hi,

Thanks for your Reply.I am able to establish the tunnel & have the packets exchanged,but the tunnel suddenly goes down and it not coming up when we intiate trffic from either side,but it's coming UP after sometime by itself , we were not able to figure out why its happening,only problem i could see is send & Receive errors getting incremented in the "SH CRYPTO IPSEC SA " output.please guide me in this

0 Helpful

mattiaseriksson
Level 3
Level 3
In response to Kmageshkumar

‎09-14-2007 11:27 PM

Hi you need to provide some more information, attach a sanitized configuration and the output from debug crypto isakmp and debug crypto ipsec when the tunnel is not coming up.

0 Helpful

Kmageshkumar
Level 1
Level 1
In response to mattiaseriksson

‎09-15-2007 08:59 PM

Hi,

I will share the debug info ,when the tunnel goes down.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents