%CRYPTO-4-RECVD_PKT_INV_SPI:

Unanswered Question
Apr 28th, 2009

Everyday I have a lot of this messages:

9317: Apr 28 03:00:16.709: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=89.175.xx.xx, prot=50, spi=0x6D715B56(1836145494), srcaddr=77.236.xx.xx

Then Virtual Tunnel Interfaces begin to bounce UP-DOWN.

Sometimes they "hang".

1. What causes them?

2. How can I avoid them?

I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
vmoopeung Tue, 05/05/2009 - 08:39

A router that is running Cisco IOS Release 12.4(22)T and that is configured for L2L tunnels may intercept pass-thru UDP 4500 packets that are destined to internal client.

%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=x.x.x.x, prot=50, spi=0xDD8DEB2(232316594), srcaddr=y.y.y.y.

Is logged on the at-fault router.

Conditions: The router that is running Cisco IOS Release 12.4(22)T is configured for IPsec. Internal IPsec client being NATed on router using nat-t.

Workaround: There is no workaround.

SludnevTN_2 Mon, 05/25/2009 - 08:53

Thank you for your reply.

Does this means that some one inside LAN is trying to "vpn" somewhere?

Actions

Login or Register to take actions

This Discussion

Posted April 28, 2009 at 12:18 AM
Stats:
Replies:2 Overall Rating:
Views:11373 Votes:1
Shares:0
Tags: No tags.
 

Discussions Leaderboard

Rank Username Points
1
Federico Coto F...
1,913
2
Jouni Forss
1,876
3
Marvin Rhoads
1,595
4
Karsten Iwen
1,109
5
Jon Marshall
688
Rank Username Points
Jon Marshall
150
rizwanr74
69
Karsten Iwen
46
Adeolu Owokade
20
Marvin Rhoads
15