Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

decaps: rec'd IPSEC packet has invalid spi for destaddr

Greetings,

I have a PIX 515 v. 6.1(1)

My SysLog Daemon is showing the following error message about every 10-15 minutes.

Local4.Warning X.X.X.X %PIX-4-402101: decaps: rec'd IPSEC packet has invalid spi for destaddr=X.X.X.X, prot=esp, spi=0xa9b2953e(0)

Is this an attack, or a peer not clearing IPSEC SA's? Something else entirely?

1 REPLY
New Member

Re: decaps: rec'd IPSEC packet has invalid spi for destaddr

This message just means that your PIX is receiving IPSec encrypted data when it's not expecting any or that the data is from the wrong source. It could indicate an attempted man in the middle attack(?). Try turning on debug crypto ipsec and see if you recognise the source address. If you don't recognise it, try shunning it.

1283
Views
0
Helpful
1
Replies
CreatePlease to create content