Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1833
Views
5
Helpful
6
Replies

site-to-vpn goes down

FredDenHeijer
Level 1
Level 1

‎07-20-2009 11:36 PM - edited ‎02-21-2020 03:34 AM

Hi, I have a cisco 2811 connected by vpn to a sonic firewall. On several occasions the connection is down. In the log of the Cisco 2811 i get the following error:

%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from xxx.xxx.xxx.xxx was not encrypted and it should've been.

*Jul 19 17:38:26.293: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=xxx.xxx.xxx.xxx, prot=50, spi=0x1C4F247F(474948735), srcaddr=xxx.xxx.xxx.xxx

I've looked at the configurations of both the cisco as the sonic and they look fine.

Hope someone can help me with this our client is quit desperate.

6 Replies 6

Collin Clark
VIP Alumni
VIP Alumni

‎07-21-2009 05:36 AM

Check this link,

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gt_ispir.html

Hope it helps.

0 Helpful

FredDenHeijer
Level 1
Level 1
In response to Collin Clark

‎07-23-2009 11:32 PM

This article writes about two cisco routers,my situation is with one cisco and a Sonic Firewall. I'm not sure how to set this on the Sonic. Or can i implement this on the Cisco router only?

0 Helpful

loizosko
Level 1
Level 1
In response to FredDenHeijer

‎08-13-2009 07:16 PM

we had this issue today as well. we have 2 routers connected via a ds3 running ipsec encryption between them for compliance reasons, since the telco links are not considered trusted. at some point we could not pass traffic accross, the links were up and we were receiving the %CRYPTO-4-RECVD_PKT_INV_SPI: error

we removed the crypto and re-apply it to the interface and got established. we did put the crypto isakmp invalid-spi-recovery command afterwards and hopefully the issue does not appear again. we had this issue again in the past when we upgraded the ios and rebooted the router. a second reboot that time fixed it.

i just hope this command will prevent the issue from happening again.

0 Helpful

cempuerto
Level 1
Level 1
In response to loizosko

‎09-29-2009 09:24 PM

Hi,

any update on this post?? having the same issue.

Thanks,

0 Helpful

FredDenHeijer
Level 1
Level 1
In response to cempuerto

‎09-29-2009 10:56 PM

Our problem was that we had multiple connections configured as one but only one line was configured with the vpn. The other sides on its behalve communicated on only one of the connections.

0 Helpful

cempuerto
Level 1
Level 1
In response to FredDenHeijer

‎09-29-2009 11:23 PM

I'm trying to set up VPN connection using

1841 router and tz-190 sonicwall firewall.

VPN is not working and i'm getting

"%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from [IP_address] was not encrypted and it should've been"

i have found this article

www.cisco.com/application/pdf/paws/.../vpn-sonicwall-pixfw.pdf

Sonicwall was set to aggressive mode. so i'm planning to follow the steps on the article making Phase 2 dynamic.. have any one tried this??

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card