Cisco Support Community
Community Member

Router terminating and passing VPN traffic

Hi

I have a situation where I would like to allow clients on the inside of my network to VPN to other 3rd parties (the clients will get NATed to the outside interface of the router), while at the same time there are site-to-site VPNs to others. When I configure it, the router logs %CRYPTO-4-RECVD_PKT_INV_SPI when the client tries to connect to the remote VPN server, which I assume is because the router is trying to decrypt the packet rather than forwarding it to the internal client that sent it.

Is this configuration possible?

Thanks!

1 REPLY
Silver

Re: Router terminating and passing VPN traffic

It's normal to see this Invalid SPI message once every few hours because of the IPSec Phase 2 rekey, unless you face a lot of connectivity issues. If you are only getting these messages occasionally, it is usually because the SA is being renegotiated. This periodic renegotiation of SAs is, itself, a security feature designed to make the environment more robust, so the occasional appearance of these messages is normal.
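
One way to apply the reply's distinction between occasional and frequent Invalid SPI messages to a router's syslog, as an added example that is not part of the thread. The log lines are constructed with documentation addresses; the peer list, the one-hour window and the threshold of two messages are assumptions to tune for your own SA lifetimes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

KNOWN_PEERS = {"198.51.100.7", "198.51.100.9"}  # assumed site-to-site peers

def render(ts, spi, src):
    # Builds a constructed syslog line in the IOS Invalid SPI message layout.
    return (f"{ts}: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid "
            f"spi for destaddr=192.0.2.1, prot=50, spi=0x{spi:08X}({spi}), srcaddr={src}")

SAMPLE_LOG = "\n".join([
    render("Jan 10 01:00:02", 0x1A2B3C4D, "198.51.100.7"),
    "Jan 10 01:30:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface Gi0/1, changed state to up",
    render("Jan 10 02:00:01", 0x0BADF00D, "198.51.100.9"),
    render("Jan 10 02:00:05", 0x0BADF00D, "198.51.100.9"),
    render("Jan 10 02:01:10", 0x0BADF00D, "198.51.100.9"),
    render("Jan 10 02:03:30", 0x0BADF00D, "198.51.100.9"),
    render("Jan 10 03:15:00", 0x00C0FFEE, "203.0.113.50"),
    render("Jan 10 03:15:02", 0x00C0FFEE, "203.0.113.50"),
    render("Jan 10 05:10:40", 0x1A2B3C4D, "198.51.100.7"),
])

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d).*%CRYPTO-4-RECVD_PKT_INV_SPI:.*"
    r"spi=(?P<spi>0x[0-9A-Fa-f]+)\(\d+\), srcaddr=(?P<src>[\d.]+)")

def parse(log):
    """Return (timestamp, srcaddr, spi) for every Invalid SPI line."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:  # syslog timestamps carry no year, so a fixed one is supplied
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
            events.append((ts, m["src"], m["spi"]))
    return events

def triage(events, known_peers, window=timedelta(hours=1), max_per_window=2):
    by_src = defaultdict(list)
    for ts, src, _ in events:
        by_src[src].append(ts)
    verdicts = {}
    for src, stamps in by_src.items():
        stamps.sort()
        # Peak number of messages inside any window starting at an event.
        peak = max(sum(t - s <= window for t in stamps[i:]) for i, s in enumerate(stamps))
        if src not in known_peers:
            verdicts[src] = "unknown-source"    # ESP from a host with no configured tunnel
        elif peak <= max_per_window:
            verdicts[src] = "rekey-consistent"  # sparse, fits periodic SA renegotiation
        else:
            verdicts[src] = "sustained"         # bursts from a peer, worth investigating
    return verdicts
```

Calling `triage(parse(SAMPLE_LOG), KNOWN_PEERS)` gives one verdict per source address; an `unknown-source` verdict marks ESP arriving from a host that is not a configured tunnel peer, which is the pattern the original question describes.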
