hi,

i created a S2S VPN and the ASA2's internet connection isn't that good and some packet losses would be 'normal'.

i'm not sure if that relates to the unequal encap/decaps on my 'sh crypto ipsec sa' output.

is the below reading normal?

ASA1:

      #pkts encaps: 129766, #pkts encrypt: 130193, #pkts digest: 130193
      #pkts decaps: 90306, #pkts decrypt: 90306, #pkts verify: 90306
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 129766, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 427, #pre-frag failures: 0, #fragments created: 854
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 29
      #TFC rcvd: 0, #TFC sent: 0
      #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
      #send errors: 0, #recv errors: 0

ASA2:

 #pkts encaps: 533, #pkts encrypt: 533, #pkts digest: 533
      #pkts decaps: 600, #pkts decrypt: 600, #pkts verify: 600
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 533, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 36
      #send errors: 0, #recv errors: 0