hi,
we´re running an CON3005 with certificates and want to establish a tunnel between an C2611 (IOS 12.3) with dynamic ip. The problem: tunnel will be started but its not stable If we generate traffic over the tunnel we´re getting messages like this:
CRYPTO-4-IKMP_NO_SA
or
received packet from <IP> dport 500 sport 500 Global (I) QM_IDLE
CryptoEngine: generate hmac context for conn id 1
processing HASH payload
processing NOTIFY INVALID_SPI protocol 1
incrementing error counter on sa: some bad notify
or from concentrator log:
invalid spi message received.
Please help
Many thanks