04-28-2009 12:18 AM
Everyday I have a lot of this messages:
9317: Apr 28 03:00:16.709: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=89.175.xx.xx, prot=50, spi=0x6D715B56(1836145494), srcaddr=77.236.xx.xx
Then Virtual Tunnel Interfaces begin to bounce UP-DOWN.
Sometimes they "hang".
1. What causes them?
2. How can I avoid them?
05-05-2009 08:39 AM
A router that is running Cisco IOS Release 12.4(22)T and that is configured for L2L tunnels may intercept pass-thru UDP 4500 packets that are destined to internal client.
%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=x.x.x.x, prot=50, spi=0xDD8DEB2(232316594), srcaddr=y.y.y.y.
Is logged on the at-fault router.
Conditions: The router that is running Cisco IOS Release 12.4(22)T is configured for IPsec. Internal IPsec client being NATed on router using nat-t.
Workaround: There is no workaround.
05-25-2009 08:53 AM
Thank you for your reply.
Does this means that some one inside LAN is trying to "vpn" somewhere?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: