Cisco Support Community

GRE Tunnel Error "crypto-4-recvd_pkt_inv_spi"

I have a hub-spoke topology with GRE tunnels using OSPF. There are two tunnels, each associated with its own physical interface on each router. All the connectivity is fine. However, this design is a redundant design, so I am testing the failure of the links (physical interfaces as well as the tunnels). When I "shutdown" the Tunnel0 or Tunnel1 interface, the traffic is reestablished over the other physical/logical route and pings continue. When I "no shutdown" the interface, everything returns back to normal. So far so good. When I physically remove the cable from the hub router interface FA0/0 or FA0/1, the tunnel will NOT fail over to the active interface, AND when I reconnect the cable the tunnel cannot re-establish. I get the "crypto-4-recvd_pkt_inv_spi" error. When I issue the "clear crypto session" on the hub or spoke, the tunnel comes back up. I have tried the "crypto isakmp invalid-spi-recovery" command, but it does not change the results.

I am running version 12.4(13r)T on all routers.

Any ideas on what I can try to make this work if I physically lose a port or connection?




Re: GRE Tunnel Error "crypto-4-recvd_pkt_inv_spi"

Do you have isakmp keepalives enabled on both peers? It seems they are not detecting that the endpoints are not reachable any longer.