Received encrypted packet with no matching SA, dropping

ray_stone
Level 1

Hi, I have set up an ASA 5505, and on the other site we are using a Stonegate FW. I have set up a tunnel between both devices, and when I run the command sh isakmp it shows the tunnel status is active, but when I try to ping any device or try to open any server, it doesn't respond. I checked the ASDM logs and found this error: "Received encrypted packet with no matching SA, dropping". Please advise. Thanks.

6 Replies

a.alekseev
Level 7

sh crypto isa sa

sh crypto ipsec sa

ray_stone
Level 1

I have used both of the above commands and they show me that the tunnel is in active mode. And only for the time being, I am able to ping the other site's servers, otherwise not. Please advise. I checked the logs and found: Received encrypted packet with no matching SA, dropping.... Please advise.

Please advise....

Hi,

Make sure your lifetime is the same on both sides, and sysopt conn ipsec is permit.

Show the configurations on both sides.

You mentioned that you have a Stonegate firewall on the other side? Is that correct?

If this is the case, Stonegate uses Checkpoint technologies. Therefore, I kinda suspect that it supernets the network on its end and sends it over to Cisco. That will definitely break VPN.

Check the VPN encryption on the Stonegate's side and make sure that you do not have a supernet on Stonegate. I am not familiar with Stonegate, but in Checkpoint you modify the parameter "IKE_largest_possible_subnet" from true to false. You can also modify the $FWDIR/conf/user.def file and make sure you include the networks behind the Stonegate firewall.

What version of Stonegate are you running?
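The supernetting mismatch suspected in the reply above, as an added example that is not part of the thread: a small checker that compares the networks a peer proposes for the tunnel against the ASA's crypto ACL and flags a proposal that is a supernet of a configured entry. The networks and function names are constructed for illustration, and it assumes the ASA expects each proposal to mirror a crypto ACL entry exactly.

```python
import ipaddress

# Constructed sample data (not from the thread): the ASA crypto ACL as
# (ASA-side network, peer-side network) pairs.
ASA_CRYPTO_ACL = [
    ("192.168.10.0/24", "10.20.1.0/24"),
    ("192.168.10.0/24", "10.20.2.0/24"),
]


def _net(cidr):
    # strict=True rejects a CIDR with host bits set, e.g. 10.20.1.5/24
    return ipaddress.ip_network(cidr, strict=True)


def classify(proposal, acl=ASA_CRYPTO_ACL):
    """Classify one peer proposal given as (peer_local, peer_remote).

    The peer's local network is the ASA's remote network and vice versa,
    so the pair is mirrored before it is compared with each ACL entry.
    Assumption: only an exact mirror image counts as a match.
    """
    peer_local, peer_remote = (_net(p) for p in proposal)
    verdict = "no-overlap"
    for asa_local, asa_remote in acl:
        a_local, a_remote = _net(asa_local), _net(asa_remote)
        if (peer_remote, peer_local) == (a_local, a_remote):
            return "exact"
        # Proposal covers the ACL entry but is wider: the supernet case.
        if a_local.subnet_of(peer_remote) and a_remote.subnet_of(peer_local):
            verdict = "supernet"
        elif (verdict == "no-overlap" and a_local.overlaps(peer_remote)
              and a_remote.overlaps(peer_local)):
            verdict = "partial-overlap"
    return verdict


def audit(proposals):
    """Return {proposal: verdict} for a list of peer proposals."""
    return {p: classify(p) for p in proposals}


if __name__ == "__main__":
    constructed = [
        ("10.20.1.0/24", "192.168.10.0/24"),   # mirrors the first ACL entry
        ("10.20.0.0/22", "192.168.10.0/24"),   # peer summarised both /24s
        ("172.16.0.0/24", "192.168.10.0/24"),  # not in the ACL at all
    ]
    for pair, verdict in audit(constructed).items():
        print(f"{pair[0]:>16} -> {pair[1]:<16} {verdict}")
```

A "supernet" verdict points at the peer's summarisation setting rather than at the ASA configuration.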
