This message has nothing to do with Cisco or non-Cisco peers.
It just means (that for one reason or another) this peer received a IPsec encapsulated packet that doesn't match an SPI we have installed for this particular connection.
If after this message pops up you do not have connectvity this is most likely telling you that IKE FSM on both sides are not in sync, maybe some delete notifications get lost? Hard to say, this is usually caused by packet loss or much more rare by bugs in FSM.
What I woudl suggest is to enable inavlid SPI recovery, it might not be availble in 12.3.
You're a funny person. Perhaps you should try comedian j/k
I downgraded the IOS in R2. I dont' think packet loss is an issue in my network because the two router is connected into a Catalyst 3750 running layer-3 in the lab and everything is 100/full hard code set on all sides. There is not much traffics going between the two routers except ospf routing protocol hellos and GRE exchange, along with IPSec.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...