cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1995
Views
0
Helpful
7
Replies

Site to Site VPN, Send Errors

Venkatesha Bhat
Level 1
Level 1

Hello,

We have L2L VPN between Cisco router and PIX515E.  We recently added couple of hosts to Encryption domain and when we try intiate traffic we get Send Errors on sh ipsec sa.  The hosts that were there proviosely in Encryption domain are accessible.We have made sure, both ends encryption domain is same and but on our end we get these send errors.

Looking for some directions here to troubleshoot this issues.

#pkts encaps: 0, #pkts encrypt: 0,  #pkts digest 0

    #pkts decaps: 0, #pkts decrypt:  0, #pkts verify 0

    #pkts compressed: 0, #pkts  decompressed: 0

    #pkts not compressed: 0, #pkts  compr. failed: 0, #pkts decompress failed:  0

    #send errors 15, #recv errors  0

Thanks in advance

Regards,


Venky.

7 Replies 7

Jitendriya Athavale
Cisco Employee
Cisco Employee

so you mean to say the tunel is up and you are able to pass traffic between the

2 sites expect few hosts which you added recently

Yes, thats correct.

can you paste the crypto configuration on both ends

also do you see the same issue when you try from the PIX side- if so probably you can run a packet-tracer to show where it is failing

also do you have any vpn filter applied on your PIX

I have pix 515E with 6.3(5) running and i dont think i have option to run packet tracer. I do not have any VPN filter applied. connection always intiated from PIX not from the other end.

Anything showing up in the logs when you pass this traffic?

Yes, I see hits on ACL and show conns shows

TCP out x.x.x.x :80 in y.y.y.y.:45058 idle 0:01:21 Bytes 0 flags saA

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: