Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN C2611 to Concentrator 3005 dynamic ip and certificates

hi,

we´re running an CON3005 with certificates and want to establish a tunnel between an C2611 (IOS 12.3) with dynamic ip. The problem: tunnel will be started but its not stable If we generate traffic over the tunnel we´re getting messages like this:

CRYPTO-4-IKMP_NO_SA

or

received packet from <IP> dport 500 sport 500 Global (I) QM_IDLE

CryptoEngine: generate hmac context for conn id 1

processing HASH payload

processing NOTIFY INVALID_SPI protocol 1

incrementing error counter on sa: some bad notify

or from concentrator log:

invalid spi message received.

Please help

Many thanks

1 REPLY
Bronze

Re: VPN C2611 to Concentrator 3005 dynamic ip and certificates

Generally you get this error message if there is any configuration mistake or ike-robustness issues. One more reason could be insufficient memory on the router.

101
Views
0
Helpful
1
Replies
CreatePlease to create content