Site to Site VPN, Send Errors

Unanswered Question
Jul 27th, 2010


We have L2L VPN between Cisco router and PIX515E.  We recently added couple of hosts to Encryption domain and when we try intiate traffic we get Send Errors on sh ipsec sa.  The hosts that were there proviosely in Encryption domain are accessible.We have made sure, both ends encryption domain is same and but on our end we get these send errors.

Looking for some directions here to troubleshoot this issues.

#pkts encaps: 0, #pkts encrypt: 0,  #pkts digest 0

    #pkts decaps: 0, #pkts decrypt:  0, #pkts verify 0

    #pkts compressed: 0, #pkts  decompressed: 0

    #pkts not compressed: 0, #pkts  compr. failed: 0, #pkts decompress failed:  0

    #send errors 15, #recv errors  0

Thanks in advance



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jitendriya Athavale Wed, 07/28/2010 - 01:07

so you mean to say the tunel is up and you are able to pass traffic between the

2 sites expect few hosts which you added recently

Jitendriya Athavale Wed, 07/28/2010 - 03:50

can you paste the crypto configuration on both ends

also do you see the same issue when you try from the PIX side- if so probably you can run a packet-tracer to show where it is failing

Venkatesha Bhat Wed, 07/28/2010 - 04:58

I have pix 515E with 6.3(5) running and i dont think i have option to run packet tracer. I do not have any VPN filter applied. connection always intiated from PIX not from the other end.

Venkatesha Bhat Wed, 07/28/2010 - 07:49

Yes, I see hits on ACL and show conns shows

TCP out x.x.x.x :80 in y.y.y.y.:45058 idle 0:01:21 Bytes 0 flags saA


This Discussion