- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-01-2018 11:34 PM - edited 02-21-2020 08:10 AM
Hi Everyone,
Any idea what could be causing this?
#pkts encaps: 1181, #pkts encrypt: 1181, #pkts digest: 1181
#pkts decaps: 1181, #pkts decrypt: 0, #pkts verify: 0
we usually encounter encaps/encrypts are incrementing, but no decaps/encrypt -- usually is nat issue, but this one is different.
Advance thanks
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-02-2018 01:30 AM
Look at both the device log output and compare config, This could happen when there's a route problem, NAT problem, or some sort of VPN filter.
Check the tunnel configuration on both the devices and check the is the Tunnel up ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2018 12:42 AM
run a packet trace while the SA is up to see of the return packet will get
encrypted by responding device or not
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-02-2018 01:30 AM
Look at both the device log output and compare config, This could happen when there's a route problem, NAT problem, or some sort of VPN filter.
Check the tunnel configuration on both the devices and check the is the Tunnel up ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2018 05:50 PM
It worked after we reconfigured and retyped the corresponding tunnel-group.. exactly the same.
We are using pre-shared key, not sure it was the key, but a mismatched key should be visible in the debug, and tunnel should not form from the start. This one the tunnel stood up and was stable, it's just the decrypt is not incrementing
Thanks for the input though
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2018 12:42 AM
run a packet trace while the SA is up to see of the return packet will get
encrypted by responding device or not
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2018 05:52 PM
Hi,
It worked after we reconfigured and retyped the corresponding tunnel-group.. exactly the same.
We are using pre-shared key, not sure it was the key, but a mismatched key should be visible in the debug, and tunnel should not form from the start. This one the tunnel stood up and was stable, it's just the decrypt is not incrementing
Thanks for the input though
