DMVPN behind ASA with no NAT

Unanswered Question
Feb 18th, 2010

I have a remote site, the DMVPN router is behind ASA firewall with dedicated Public IP. No NAT is involved.

The firewall rule allows inbound GRE, ESP and AH.

The VPN connection drops a few times a day which really impacting the business.

The router log shows:

CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr.....

Is there anything I should pay attention to, i.e. addtional firewall rules?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion