Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

#Pkts encaps 0 but pkts decaps 203

Hey Guys, I have been stuck and need yours support. L2L tunnel is up and working fine, I have configured two network in that one is working fine,

but on the other network I am having this issue. I reconfigured the tunnel but no luck. kindly suggest.


Hi, If I got you correctly,



If I got you correctly, you are not able to pass traffic across the VPN tunnel. Please correct me if I am wrong.  The problem lies on the ASA where encrypt is "0". There can be several reasons for packets not getting encrypted. They are:

1. Nat Exempt is not applied on the ASA or any other NAT rule is redirecting it through any other interface.

2. Return traffic from the host is not coming back to the ASA so that it can get encrypted. To verify this, apply capture on inside interface so as to see outgoing and incoming packets.

3. Traffic is getting encrypted and is entering any other tunnel.

4. Traffic is getting dropped by the ASA because of any conflicting rule.


Please focus on these issues anf it does not help then share the configuration and I will be in better position to help you.



Community Member

Hi Vishnu,  Thanks for the

Hi Vishnu,

  Thanks for the reply. Actually I have created same NAT rule for both the subnet, but one is working fine and the other is having this issue. Please see the attached IPSEC detail.

Hi,Check your crypto ACL and


Check your crypto ACL and make sure they're 'mirror' from each other.

Community Member

Hey John, Actually it was

Hey John, Actually it was working perfect in past, not sure what goes wrong.

Yes crypto ACL's are mirrored. Tunnel is Up and traffic passing on one subnet but the other is giving problem. Anyways the problem has been solved by removing the VPN configuration and reconfigured, Also have changed the pre-shared key.

Thank you guys for all the valuable comments and support. smiley



CreatePlease to create content