I have problem on my site-to-site VPN connection. I'm working in branch using cisco 1721 and HQ using Cisco PIX 516E.
The VPN connection established succcesfuly. But in some time the VPN session keep hang and needed to clear the session "clear crypto sess". During the time VPN seesiong hang, i noticed the tunnel is up. Nothing wrong i see in Cisco Show commands. And resume normal after clear seesion. Do anybody know what is the root cause. FYI, both site devices we did nothing. The configuration all working as normal. But something I have noticed in Branch Cisco 1721 router is as below:
01:43:29: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=2 01:44:07: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=218.208.xxx.xxx, prot=17, spi=0x12061C2(18899394), srcaddr=60.54.xxx.xxx 01:44:37: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=5 01:45:48: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=218.208.xxx.xxx, prot=17, spi=0xC3B63C00(3283500032), srcaddr=60.54.xxx.xxx
I have search in Cisco website, the solution given for the above log file is contact peer Administrator. If I do contact what should I ask him to check. As I get information from him, He never touch the devices for more than 6 month... So how could the HQ device configuration has been changed? Is it this problem related to hardware?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...