IPSec conflict between IPSec tunnels and corporate VPN
I run a 2821 running c2800nm-adventerprisek9-mz.124-22.YB8 at home with 2 gre over IPSec tunnels for personal use, and my desktop will run an IPSec based VPN client to connect to the corporate VPN. My issue is that when I would connect to the corporate VPN, I would see packets being encrypted and sent out but I would never receive packets back. It appears that the IPSec VPN tunnels conflict with the IPSec packets from my desktop and the router attempts to decrypt them and gives this error. (I removed public addresses for anonymity)
CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr="myaddress", prot=50, spi=0xDB32344E(3677500494), srcaddr="corpvpn"
When I remove the crypto map off of the WAN side of the router, my desktop VPN works immediately. I can change the configuration on eiher side of the GRE IPSec tunnels but there is no way for me to change any configuration on the corporate VPN. Does anyone know of a workaround on the cisco router? I can provide any running configs or show commands.
The 2821 is also running NAT overload for internet access.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...