04-28-2009 12:18 AM
Everyday I have a lot of this messages:
9317: Apr 28 03:00:16.709: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=89.175.xx.xx, prot=50, spi=0x6D715B56(1836145494), srcaddr=77.236.xx.xx
Then Virtual Tunnel Interfaces begin to bounce UP-DOWN.
Sometimes they "hang".
1. What causes them?
2. How can I avoid them?
05-05-2009 08:39 AM
A router that is running Cisco IOS Release 12.4(22)T and that is configured for L2L tunnels may intercept pass-thru UDP 4500 packets that are destined to internal client.
%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=x.x.x.x, prot=50, spi=0xDD8DEB2(232316594), srcaddr=y.y.y.y.
Is logged on the at-fault router.
Conditions: The router that is running Cisco IOS Release 12.4(22)T is configured for IPsec. Internal IPsec client being NATed on router using nat-t.
Workaround: There is no workaround.
05-25-2009 08:53 AM
Thank you for your reply.
Does this means that some one inside LAN is trying to "vpn" somewhere?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide