
Cisco ASA VPN Tunnel with Sonicwall NSa

Hello Experts, @Marvin Rhoads  @balaji.bandi  @Rob Ingram 

 

I have an IPsec tunnel set up with a Cisco ASA and a SonicWall NSa. The tunnel works fine, with some packet drops that happen on the SonicWall. I worked with SonicWall Support and found that the ASA sent some ESP headers with an invalid SPI, resulting in a drop.

Please see the attached screenshots.

What is the SPI in ESP headers?

Also, what should I do on ASA to find that exact root cause?

I can verify that the ISPs have no issues on both sides, and the firewalls have other tunnels working fine showing the same kind of hashing/encryption algorithms.

Thanks,

 

Lovejit Singh

 

 

 

1 Reply

Jitendra Kumar

Below are some available troubleshooting documents that describe the issue very well.

Hope it will help you.

 

https://community.cisco.com/t5/vpn/crypto-isakmp-invalid-spi-recovery-command-is-not-worked-fine-in/td-p/1531178

 

Below is the article from SonicWall with a workaround for this issue.

 

https://www.sonicwall.com/support/knowledge-base/troubleshooting-vpn-packets-drops-with-drop-code-message-octeon-decryption-failed/170505715286572/ 

 

 

Thanks,

Jitendra
