GRE Tunnel Error "crypto-4-recvd_pkt_inv_spi"

Unanswered Question
Jan 12th, 2009

I have a hub-spoke topology with GRE tunnels using OSPF. There are two tunnels each associated to their own physical interface on each router. All the connectivty is fine. However, this design is a redundant design so I am testing the failure of the links (physical interfaces as well as the tunnels). When I "shutdown" the Tunnel0 or Tunnel1 interface the traffic is reestablished over the other physical/logical route and pings continue. When I "no shutdown" the interface everything returns back to normal. So far so good....now when I physically remove the cable from the hub router interface FA0/0 or FA0/1 the tunnel will NOT failover to the active interface..AND when I reconnect the cable the tunnel cannot re-establish. I get the "crypto-4-recvd_pkt_inv_spi" error. When I issue the "clear crytpo session" on the hub or spoke the tunnel comes back up. I have tried the "crytpo isakmp invalid-spi-recovery" command but it does not change the results.

I am running version 12.4(13r)T on all routers.

Any ideas on what I can try to make this work if I physically lose a port or connection?

Thanks,

Justin

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ivan Martinon Mon, 01/12/2009 - 15:19

Do you have isakmp keepalives enabled on both peers, seems they are not detecting that the endpoints are not reachable any longer.

Actions

This Discussion