Received encrypted packet with no matching SA, dropping

Unanswered Question
Jul 3rd, 2008

Hi, I have setup ASA 5505 and on other site we are using songate FW and I have setup Tunnel between both devices and when I run this command sh isakmp then it shows the Tunnel status is active but when I try to ping any divice or try to open any server then it doesn't respond. I checked the asdm logs and found "Received encrypted packet with no matching SA, dropping" this error. Please advice. Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
a.alekseev Thu, 07/03/2008 - 20:37

sh crypto isa sa

sh crypto ipsec sa

ray_stone Sat, 07/05/2008 - 03:14

I have used both above commands and it shows me that the Tunnel is in Active mode. And only for the time being, I am able to ping the other site servers otherwise not. Please advice. I checked logs and found :- Received encrypted packet with no matching SA, dropping.... Please advice

ray_stone Sun, 07/06/2008 - 08:35

Please advice....

nomair_83 Sun, 07/06/2008 - 09:26

Hi,

Make sure your lifetime is same on both sides..and sysopt conn ipsec is permit.

a.alekseev Sun, 07/06/2008 - 09:59

show the configurations on both sides.

cisco24x7 Sun, 07/06/2008 - 14:57

You mentioned that you have Stonegate firewall

on the other side? Is that correct?

If this is the case, Stonegate uses Checkpoint

technologies. Therefore, I kinda suspect that

it supper-net the network on its end and send

it over to Cisco. That will definitely break

VPN.

Checkpoint the vpn encryption on the

stonegate's side and make sure that you do

not have super-net on stonegate. I am not

familiar with Stonegate but in Checkpoint,

you modified the parameter

"IKE_largest_possible_subnet" from true to

false. You can also modify the

$FWDIR/conf/user.def file and make sure you

include the networks behind stonegate

firewall.

What version of stonegate are you running?

Actions

Login or Register to take actions

This Discussion

Posted July 3, 2008 at 7:09 PM
Stats:
Replies:6 Overall Rating:
Views:14754 Votes:0
Shares:0
Tags: No tags.