Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Strange syslog entries after VPN tunnel stops working

I have a VPN tunnel between two 892s. When either ISAKMP or IPSec SA lifetime expires tunnel stops processing traffic. However nothing is logged in the syslog. But when I enable debug crypto isakmp error and debug crypto ipsec error following entries appear:

ISAKMP:(0):Can't decrement IKE Call Admission Control stat outgoing_active since it's already 0

ISAKMP:(2041):R-U-THERE-ACK sequence number 0x63D809BB does not correspond to expected value 0x63D809BC

%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=XX.XX.XX.XX, prot=50, spi=0x3560099E(895486366), srcaddr=YY.YY.YY.YY, input interface=GigabitEthernet0

ISAKMP:(2043): IPSec policy invalidated proposal with error 4

Any idea what is wrong? Is this a bug? IOS is

Cisco IOS Software, C890 Software (C890-UNIVERSALK9-M), Version 15.1(2)T2, RELEASE SOFTWARE (fc1)

2 REPLIES

Strange syslog entries after VPN tunnel stops working

Please post your VPN configs

"A good rating is as good or even better than a thank you, remember to rate the helpful posts "
New Member

Strange syslog entries after VPN tunnel stops working

OK, problem has being resolved, please see details here:

https://supportforums.cisco.com/message/3520379#3520379

1473
Views
0
Helpful
2
Replies
CreatePlease login to create content