Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

DMVPN behind ASA with no NAT

I have a remote site, the DMVPN router is behind ASA firewall with dedicated Public IP. No NAT is involved.

The firewall rule allows inbound GRE, ESP and AH.

The VPN connection drops a few times a day which really impacting the business.

The router log shows:

CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr.....

Is there anything I should pay attention to, i.e. addtional firewall rules?

CreatePlease to create content