Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CRYPTO-4-RECVD_PKT_INV_SPI:

Hello,

I have cisco 2612 router configure to accept VPN Client connection. This connection are accepted via eth 0 interface. The crypto configuration and the crypto map use are the following:

crypto isakmp policy 3

encr 3des

authentication pre-share

group 2

crypto isakmp keepalive 10 5

!

crypto ipsec security-association lifetime seconds 28800

crypto ipsec transform-set prueba esp-3des esp-sha-hmac

crypto ipsec transform-set prueba1 esp-3des esp-sha-hmac

!

crypto dynamic-map dynmap 10

set transform-set prueba

match address 160

reverse-route

!

crypto dynamic-map BPS 10

set transform-set prueba1

match address 150

reverse-route

!

crypto map empleado client authentication list user_authen

crypto map empleado isakmp authorization list user_author

crypto map empleado client configuration address respond

crypto map empleado 10 ipsec-isakmp dynamic dynmap

The problem is that the connection are disconnected randomly. The message send to the syslogs is the following: CRYPTO-4-RECVD_PKT_INV_SPI:

How I can resolve this problem?

Thanks in advance.

5 REPLIES
New Member

Re: CRYPTO-4-RECVD_PKT_INV_SPI:

What version of client and router are you running? How random is this? Is the tunnel up in use and in the middle of say sending traffic it drops? Or are they sitting idle? Are you running a routing protocol on your router? That message indicates that the tunnel on one side has basically dropped but the other side thinks its still up so it continues to send traffic.

Kurtis

New Member

Re: CRYPTO-4-RECVD_PKT_INV_SPI:

What version of client and router are you running?

The router version is: Version 12.2(11)T.

The VPN client version are: 3.6.2 and 3.5.1.

How random is this?

The frequency is randomly, in some case it is 4 or 5 times a day.

Is the tunnel up in use and in the middle of say sending traffic it drops?

Yes

Or are they sitting idle?

Yes, generally occur this case.

Are you running a routing protocol on your router?

No

That message indicates that the tunnel on one side has basically dropped but the other side thinks its still up so it continues to send traffic.

The remote user receive the message "peer no longer responding".

Thanks.

New Member

Re: CRYPTO-4-RECVD_PKT_INV_SPI:

Try removing the reverse-route from the router, if your not running a routing protocol, it wont be needed and I remember there being a problem with that if you have a accelerator card. You might wanna upgrade the code as well to 12.2.11T2.

Kurtis Durrett

New Member

Re: CRYPTO-4-RECVD_PKT_INV_SPI:

I remove the reverse-route. I wait for the syslog for new message.

I have a problem with card accelerator. I can't use it. When I enable (crypto engine accelerator) this card the performace go down. I think that is a routing problem.

Do you know this bug?

The version 12.11T2 resolve this bug?

Do you know where I can subscribe a e-mail list for receive new cisco advisor?

Thanks in advance.

New Member

Re: CRYPTO-4-RECVD_PKT_INV_SPI:

Im not sure of the bug id that was assigned or if it was filed with this in 12.2.11T or if 12.2.11T2 will fix it. Open a case with TAC to pursue this on the bug and which code, if any, will fix it. You could always try 12.2.11T2 and see if it fixes your problem or check the release notes for that release to see

if its listed as a known bug and/or fixed. I didnt find it myself, but have a look for your self: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cavs/122tcavs.htm

Kurtis Durrett

465
Views
0
Helpful
5
Replies