Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Site to Site VPN, Send Errors

Hello,

We have L2L VPN between Cisco router and PIX515E.  We recently added couple of hosts to Encryption domain and when we try intiate traffic we get Send Errors on sh ipsec sa.  The hosts that were there proviosely in Encryption domain are accessible.We have made sure, both ends encryption domain is same and but on our end we get these send errors.

Looking for some directions here to troubleshoot this issues.

#pkts encaps: 0, #pkts encrypt: 0,  #pkts digest 0

    #pkts decaps: 0, #pkts decrypt:  0, #pkts verify 0

    #pkts compressed: 0, #pkts  decompressed: 0

    #pkts not compressed: 0, #pkts  compr. failed: 0, #pkts decompress failed:  0

    #send errors 15, #recv errors  0

Thanks in advance

Regards,


Venky.

7 REPLIES
Cisco Employee

Re: Site to Site VPN, Send Errors

so you mean to say the tunel is up and you are able to pass traffic between the

2 sites expect few hosts which you added recently

New Member

Re: Site to Site VPN, Send Errors

Yes, thats correct.

Cisco Employee

Re: Site to Site VPN, Send Errors

can you paste the crypto configuration on both ends

also do you see the same issue when you try from the PIX side- if so probably you can run a packet-tracer to show where it is failing

Cisco Employee

Re: Site to Site VPN, Send Errors

also do you have any vpn filter applied on your PIX

New Member

Re: Site to Site VPN, Send Errors

I have pix 515E with 6.3(5) running and i dont think i have option to run packet tracer. I do not have any VPN filter applied. connection always intiated from PIX not from the other end.

Silver

Re: Site to Site VPN, Send Errors

Anything showing up in the logs when you pass this traffic?

New Member

Re: Site to Site VPN, Send Errors

Yes, I see hits on ACL and show conns shows

TCP out x.x.x.x :80 in y.y.y.y.:45058 idle 0:01:21 Bytes 0 flags saA

1489
Views
0
Helpful
7
Replies
CreatePlease to create content