|
Question : CISCO IP SEC Issues
|
|
Hi,
A weird problem with CISCO IPSEC config ...any help will be greatly appreciated...
[Router1]<------------------------------------------------>[Router2]
loopback 999 loopback 999
202.X.X.1/24 202.X.X.2/24
This setup works fine...The crypto config is quite normal one taken the ex from CISCO...
[Router1]<------------------------------------------------>[Router2]<-------------------------->[Router3]
loopback 999 Normal routing loopback 999
202.X.X.1/24 enabled 202.X.X.2/24
This case I can ping the dest network ..seems quite good for me..but when I try to flow the traffic then I start getting the errors ..seems like the packets are not encrypted at all...i found some thing from the logs on "router3"
42w0d: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for
destaddr=202.X.X.2, prot=50, spi=0x3E8(1000), srcaddr=202.X.X.1
42w0d: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for
destaddr=202.X.X.2, prot=50, spi=0x3E8(1000), srcaddr=202.X.X.1
42w0d: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for
destaddr=202.X.X.2, prot=50, spi=0x3E8(1000), srcaddr=202.X.X.1
42w0d: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for
destaddr=202.X.X.2, prot=50, spi=0x3E8(1000), srcaddr=202.X.X.1
Any help will be greatly appreciated....
thx
|
Answer : CISCO IP SEC Issues
|
|
also if you can run
clear any ipsec connection that is present then do the following debug
debug crypto isakmp
debug crypto ipsec
try and establish the connection from either side, then copy and paste the resultant information. Please remove any reference to IP addresses, hostnames etc
|
|
|
|
|
