- Super Bronze, 10000 points or more
We have a Cisco 6500 with WS-SVC-IPSEC-1 (think that should be the right one) with which we have built customer L2L VPN connections.
Only one customer has been lately reporting problems with the VPN connection where the traffic stops totally and "clear crypto session remote <IP>" seems to resolve the issue.
Ive tried to check the statistics of the VPN connection with "show crypto ipsec sa vrf <VRF>" and have wondered what would cause the increasing number of "recv errors"?
I havent been able to find any thorough explanation of the "field" (recv errors) in the show command. I looked trough the posts i found here with the search function and they gave me somekind of picture but i still want to ask in a new post.
Basicly we have tens of L2L VPNs in the same device and this is the only connection that has had these kind of problems. To my understanding the configuration hasnt been altered in any way (Since there really no reason when its working). What does the "recv errors" mean really? What is going wrong that could be corrected only by issuing the "clear crypto session remote <IP>" command?
Is there perhaps some problem on the remote site thats causing this? I think we would have gotten loads of messages/calls from customers by now if there problem was on our device. Especially when some of these connections are almost critical for customer operations.
Heres part of the show command thats related to the problematic L2L VPN connection:
#pkts encaps: 58438925, #pkts encrypt: 58438925, #pkts digest: 58438925
#pkts decaps: 80025266, #pkts decrypt: 80025266, #pkts verify: 80025266
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 190, #recv errors 83587
Any ideas on what could be causing this?
- The connection in this case stops passing traffic
- Other connections arent affected to my knowledge since we havent gotten any messages from customers
- Our side configuration has remained unchanged since the start
- The device itself hasnt been updated during the time these VPN has been in use.