Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix VPN Debug

I have a site to site vpn between a pix firewall and a sonicwall firewall. I am receiving this message on the pix:

IPSEC(sw_esp_decap): fail antireplay check

IPSEC(cipher_ipsec_request): decap failed for x.x.x.x -> x.x.x.x

Does anyone know what this means? Thanks for the help.

2 REPLIES
Bronze

Re: Pix VPN Debug

It appears to be a IPSec policy mismatch between the two firewalls. IPSec on PIX firewalls support "anti-replay" services if IKE is enabled on the PIX. I would suggest you to verify if the remote end supports this feature.

New Member

Re: Pix VPN Debug

Hello ,

It seems u have enabled PFS on one PIX & haven't enabled on other Unit.

Either enable on both end or disable PFS on both end.

202
Views
0
Helpful
2
Replies
CreatePlease login to create content