Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN tunnels established but have encap/encryp but no decap/decryp pkts

We have a customer who is using PIX525 and CISCO1720 (with VPN Accelerator) for site-to-site VPN.

It has been working fine for more than a year when it suddenly stop functioning. When we did a "sh cryp ipsec sa", the tunnels were still alive and active, except, there were no decap and decrypt packets. We verified the PIX and routers configuration to make sure that there were no unintended changes. We tried tearing down the tunnels and re-establishing them - but still the same.

Anyone with a similar experience to share ?

3 REPLIES
New Member

Re: VPN tunnels established but have encap/encryp but no decap/d

Just make sure that the remote end node is still permitting the particular traffic that you are sending. Your local end seems to be ok since it's encrypting packets but no decrypting because it receiving no replys.

New Member

Re: VPN tunnels established but have encap/encryp but no decap/d

This setup has been working for more than a year.

One of the first thing we did was to compare the configurations of the PIX and routers, with the last saved working configurations. But we didn't find any discrepancies that will cause the VPN to fail.

New Member

I have had issues where the

I have had issues where the ISP router had to be rebooted.

Thanks,

Alex

1047
Views
0
Helpful
3
Replies