Cisco Support Community

VPN session with Juniper device

Hi,
I have a question regarding a VPN setup on a Cisco 2821 running Version 12.4(15)T13.

We are trying to activate a site-to-site VPN with a remote Juniper device peer.

The VPN becomes active but no traffic is going through.

On the Cisco side, the output of the command "show crypto ipsec sa detail" shows that the Cisco device sends
encapsulated packets but no "pkts decaps" are received. All packets received seem to be "pkts decaps failed (rcv)".
The "pkts decaps failed (rcv)" counter increases even if no traffic is sent by the Cisco device.
We tried every sort of debugging but we didn't find any information about the reasons for the decaps failures.

On the same Cisco device we have several other VPN sessions that work, even with Juniper peers,
so we think that our configuration is correct.

Has anyone any suggestions about this problem?

Thank you, best regards

Alessandro Asson - CINECA

---

v01#show crypto ipsec sa peer 194.105.55.195 detail

interface: GigabitEthernet0/0
    Crypto map tag: vpn-outside, local addr 193.204.120.200

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.100.0.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (172.20.0.0/255.255.0.0/0/0)
   current_peer 194.105.55.195 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 29, #pkts encrypt: 29, #pkts digest: 29
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #pkts no sa (send) 1, #pkts invalid sa (rcv) 0
    #pkts encaps failed (send) 0, #pkts decaps failed (rcv) 1694
    #pkts invalid prot (recv) 0, #pkts verify failed: 0
    #pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0
    #pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0
    ##pkts replay failed (rcv): 0
    #pkts internal err (send): 0, #pkts internal err (recv) 0

     local crypto endpt.: 193.204.120.200, remote crypto endpt.: 194.105.55.195
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     current outbound spi: 0x76AEBC5A(1991162970)

     inbound esp sas:
      spi: 0x3EC77678(1053259384)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 105, flow_id: AIM-VPN/SSL-2:105, crypto map: vpn-outside
        sa timing: remaining key lifetime (k/sec): (4478469/444)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x76AEBC5A(1991162970)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 106, flow_id: AIM-VPN/SSL-2:106, crypto map: vpn-outside
        sa timing: remaining key lifetime (k/sec): (4478499/444)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:
v01#
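
The symptom in the output above (encaps counters rise, decaps stays at 0, "decaps failed (rcv)" keeps growing) can be checked for every peer by parsing two captures of this command and comparing the counters. The Python below is an added example, not part of the original post or of any Cisco tool; the function names, the peer 192.0.2.10 and the second snapshot are constructed for illustration.

```python
import re

# Constructed sample in the format of the "show crypto ipsec sa detail"
# output in the post; the 192.0.2.10 peer and its counters are made up.
SNAPSHOT_1 = """\
   current_peer 194.105.55.195 port 500
    #pkts encaps: 29, #pkts encrypt: 29, #pkts digest: 29
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts encaps failed (send) 0, #pkts decaps failed (rcv) 1694
    ##pkts replay failed (rcv): 0
   current_peer 192.0.2.10 port 500
    #pkts encaps: 120, #pkts encrypt: 120, #pkts digest: 120
    #pkts decaps: 118, #pkts decrypt: 118, #pkts verify: 118
    #pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0
"""
# Second constructed snapshot: only the failure counter of the first peer moved.
SNAPSHOT_2 = SNAPSHOT_1.replace("(rcv) 1694", "(rcv) 1710")

PEER_RE = re.compile(r"current_peer\s+(\S+)")
# "#pkts <name>[:] <value>"; the colon is optional and a line may start with "##".
COUNTER_RE = re.compile(r"#pkts ([^:,#]+?):? (\d+)(?=,|\s|$)")


def parse_counters(text):
    """Return {peer: {counter name: value}}, summed over all SAs of a peer."""
    peers, current = {}, None
    for line in text.splitlines():
        peer = PEER_RE.search(line)
        if peer:
            current = peers.setdefault(peer.group(1), {})
        elif current is not None:
            for name, value in COUNTER_RE.findall(line):
                current[name] = current.get(name, 0) + int(value)
    return peers


def inbound_failing(after, before=None):
    """Peers where 'decaps failed (rcv)' grew while 'decaps' did not move."""
    before = before or {}  # no earlier snapshot: use absolute counters
    flagged = {}
    for peer, now in after.items():
        old = before.get(peer, {})
        ok = now.get("decaps", 0) - old.get("decaps", 0)
        failed = now.get("decaps failed (rcv)", 0) - old.get("decaps failed (rcv)", 0)
        if failed > 0 and ok == 0:
            flagged[peer] = failed
    return flagged
```

Calling `inbound_failing(parse_counters(SNAPSHOT_2), parse_counters(SNAPSHOT_1))` returns the peers whose inbound ESP packets were all dropped between the two captures, with the number of failures in that interval.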

 
