Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

ESP error 402116

I would like to ask your help solving a VPN issue with the device on the far end.

I have one established IPSec tunnel between the host at the far end. When they try to eatablise a second IPSec tunnel to our seconf IP we get this error

May  9 18:51:51 odc-np-gw %ASA-4-402116: IPSEC: Received an ESP packet (SPI= 0x47995CC7, sequence number= 0xCF) from (user= to  The decapsulated inner packet doesn't match the negotiated policy in the SA.  The packet specifies its destination as, its source as, and its protocol as icmp.  The SA specifies its local proxy as and its remote_proxy as is the far end peer is the local peer is the remote configured protected host is the local configured protected host is the working local configured protected host

I can supply everything if you wish but I just need some direction. I believe we have a Cisco 5540 on the far end also.

Everyone's tags (2)
Cisco Employee

ESP error 402116

HI Mate ,

before focusing on this message , what about the following :

IKE phase 1

IKE phase 2

debug cry isa

debug cry ipsec

show cry isa sa

show crypto ipsec sa peer



CreatePlease to create content