I'm seeing the following error show up in my logs and wonder if someone could shed some light on exactly what it means. Thanks!
129.1xx.x.xx %ASA-4-402116: IPSEC: Received an ESP packet (SPI= 0xC359311B, sequence number= 0x1) from 10.19x.x.x (user= user1) to 129.1xx.x.xx. The decapsulated inner packet doesn't match the negotiated policy in the SA. The packet specifies its destination as 192.xxx.xxx.115, its source as 10.19x.x.x, and its protocol as 1. The SA specifies its local proxy as 0.0.0.0/0.0.0.0/0/0 and its remote_proxy as 192.xxx.xxx.117/255.255.255.255/0/0.
Error Message %PIX|ASA-4-402116: IPSEC: Received an protocol packet (SPI=spi, sequence number= seq_num) from remote_IP (username) to local_IP. The decapsulated inner packet doesn't match the negotiated policy in the SA. The packet specifies its destination as pkt_daddr, its source as pkt_saddr, and its protocol as pkt_prot. The SA specifies its local proxy as id_daddr/id_dmask/id_dprot/id_dport and its remote proxy as id_saddr/id_smask/id_sprot/id_sport.
Explanation This message is displayed when a decapsulated IPSec packet does not match the negotiated identity. The peer is sending other traffic through this security association. It may be due to a security association selection error by the peer, or it may be part of an attack. This message is rate limited to no more than one message every five seconds.
spi: IPSec Security Parameters Index
seq_num: IPSec sequence number
remote_IP: IP address of the remote endpoint of the tunnel
username: Username associated with the IPSec tunnel
local_IP: IP address of the local endpoint of the tunnel
pkt_daddr: Destination address from the decapsulated packet
pkt_saddr: Source address from the decapsulated packet
pkt_prot: Transport protocol from the decapsulated packet
id_daddr: Local proxy IP address
id_dmask: Local proxy IP subnet mask
id_dprot: Local proxy transport protocol
id_dport: Local proxy port
id_saddr: Remote proxy IP address
id_smask: Remote proxy IP subnet mask
id_sprot: Remote proxy transport protocol
id_sport: Remote proxy port
Recommended Action Contact the peer administrator and compare policy settings.