Hi all,

I have problem on my site-to-site VPN connection. I'm working in branch using cisco 1721 and HQ using Cisco PIX 516E.

The VPN connection established succcesfuly. But in some time the VPN session keep hang and needed to clear the session "clear crypto sess". During the time VPN seesiong hang, i noticed the tunnel is up. Nothing wrong i see in Cisco Show commands. And resume normal after clear seesion. Do anybody know what is the root cause. FYI, both site devices we did nothing. The configuration all working as normal. But something I have noticed in Branch Cisco 1721 router is as below:

01:43:29: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=2
01:44:07: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=218.208.xxx.xxx, prot=17,
spi=0x12061C2(18899394), srcaddr=60.54.xxx.xxx
01:44:37: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=5
01:45:48: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=218.208.xxx.xxx, prot=17,
spi=0xC3B63C00(3283500032), srcaddr=60.54.xxx.xxx

I have search in Cisco website, the solution given for the above log file is contact peer Administrator. If I do contact what should I ask him to check. As I get information from him, He never touch the devices for more than 6 month... So how could the HQ device configuration has been changed? Is it this problem related to hardware?