Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1506
Views
0
Helpful
3
Replies

VPN tunnels established but have encap/encryp but no decap/decryp pkts

h.chia
Level 1
Level 1

‎10-28-2003 09:05 PM - edited ‎02-21-2020 12:50 PM

We have a customer who is using PIX525 and CISCO1720 (with VPN Accelerator) for site-to-site VPN.

It has been working fine for more than a year when it suddenly stop functioning. When we did a "sh cryp ipsec sa", the tunnels were still alive and active, except, there were no decap and decrypt packets. We verified the PIX and routers configuration to make sure that there were no unintended changes. We tried tearing down the tunnels and re-establishing them - but still the same.

Anyone with a similar experience to share ?

Labels:
0 Helpful
3 Replies 3

shabika
Level 1
Level 1

‎10-29-2003 07:35 AM

Just make sure that the remote end node is still permitting the particular traffic that you are sending. Your local end seems to be ok since it's encrypting packets but no decrypting because it receiving no replys.

0 Helpful

h.chia
Level 1
Level 1
In response to shabika

‎10-29-2003 10:45 PM

This setup has been working for more than a year.

One of the first thing we did was to compare the configurations of the PIX and routers, with the last saved working configurations. But we didn't find any discrepancies that will cause the VPN to fail.

0 Helpful

Alex Pfeil
Level 7
Level 7

‎05-14-2017 07:08 AM

I have had issues where the ISP router had to be rebooted.

Thanks,

Alex

0 Helpful
Customers Also Viewed These Support Documents