We have a Cisco 6500 with WS-SVC-IPSEC-1 (think that should be the right one) with which we have built customer L2L VPN connections.
Only one customer has been lately reporting problems with the VPN connection where the traffic stops totally and "clear crypto session remote <IP>" seems to resolve the issue.
I've tried to check the statistics of the VPN connection with "show crypto ipsec sa vrf <VRF>" and have wondered what would cause the increasing number of "recv errors"?
I haven't been able to find any thorough explanation of the "field" (recv errors) in the show command. I looked through the posts I found here with the search function and they gave me some kind of picture, but I still want to ask in a new post.
Basically we have tens of L2L VPNs in the same device and this is the only connection that has had these kinds of problems. To my understanding the configuration hasn't been altered in any way (since there's really no reason when it's working). What does the "recv errors" mean really? What is going wrong that could be corrected only by issuing the "clear crypto session remote <IP>" command?
Is there perhaps some problem on the remote site that's causing this? I think we would have gotten loads of messages/calls from customers by now if the problem was on our device. Especially when some of these connections are almost critical for customer operations.
Here's part of the show command that's related to the problematic L2L VPN connection: