Received encrypted packet with no matching SA, dropping
One of my customers has a problem with several VPN tunnels (site-to-site).
HQ ? PIX515E v7.04
Branch Office ? PIX501 v6.3(1)
In the morning around 12 branch offices need to connect to the HQ. When a branch office wants to connect, this will not work. In the logging I find a message called; received encrypted packet with no matching sa, dropped.
When I start a ping in the HQ to the branch office, the VPN tunnel will be build. So the temporary solution at this moment is to start a ping to all the 12 branch offices in the morning.
Does anyone recognize this problem? Hopefully someone can help us.
Re: Received encrypted packet with no matching SA, dropping
at first thanks for your tips&tricks. The timers are the same and the IKE policy is the same as well. I noticed something else and that is that the clock on several branch offices are not the same as in the HQ. Could this be some part of the problem?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...