IPSec over GRE with SPI Problems

Unanswered Question
Jun 23rd, 2010
User Badges:

I am using IPSec and I am getting this error, it is a connection over a satellite link and its IPSec within two other encryption encapsulations (external hardware), there are known MTU issues here - but that should cause the errors below -


anyone any ideas ? Its resulting is Eigrp nei being reset and causing major onsite disruption.



Jun 23 12:11:46: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=1X.X.X.X, prot=51, spi=0xB0B196D6(2964428502), srcaddr=1X.X.X.X
Jun 23 12:18:32: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=1X.X.X.X, prot=51, spi=0x20F588B7(552962231), srcaddr=1X.X.X.X
Jun 23 12:23:21: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=1X.X.X.X, prot=51, spi=0x5F707868(1601206376), srcaddr=1X.X.X.X

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Diego Armando C... Wed, 06/23/2010 - 07:53
User Badges:
  • Bronze, 100 points or more

Are you doing a nat in any of the endpoints?


It seems that there is a problem with the interesting traffic. Check that first. And attach the config if possible.

Actions

This Discussion