%CRYPTO-4-RECVD_PKT_INV_SPI:

Unanswered Question
Apr 28th, 2009

Everyday I have a lot of this messages:

9317: Apr 28 03:00:16.709: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=89.175.xx.xx, prot=50, spi=0x6D715B56(1836145494), srcaddr=77.236.xx.xx

Then Virtual Tunnel Interfaces begin to bounce UP-DOWN.

Sometimes they "hang".

1. What causes them?

2. How can I avoid them?

I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
vmoopeung Tue, 05/05/2009 - 08:39

A router that is running Cisco IOS Release 12.4(22)T and that is configured for L2L tunnels may intercept pass-thru UDP 4500 packets that are destined to internal client.

%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=x.x.x.x, prot=50, spi=0xDD8DEB2(232316594), srcaddr=y.y.y.y.

Is logged on the at-fault router.

Conditions: The router that is running Cisco IOS Release 12.4(22)T is configured for IPsec. Internal IPsec client being NATed on router using nat-t.

Workaround: There is no workaround.

SludnevTN_2 Mon, 05/25/2009 - 08:53

Thank you for your reply.

Does this means that some one inside LAN is trying to "vpn" somewhere?

Actions

Login or Register to take actions

This Discussion

Posted April 28, 2009 at 12:18 AM
Stats:
Replies:2 Avg. Rating:
Views:11311 Votes:1
Shares:0
Tags: No tags.
 

Discussions Leaderboard