The command "show crypto engine accelerator statistic" is used to check the "Packets Dropped and Invalid Flow Error" counters in the crypto accelerator statistics. This error indicates that any new vpn connection will be dropped because the IPsec flow ID value has reached a maximum value. Most often, the main outbound Security Association (SA) does not pass traffic. As a workaround clear the IPsec SAs using "clear crypto sa" command in order to restart traffic or set a longer IPsec rekey interval.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.