Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
856
Views
0
Helpful
1
Replies

%CRYPTO-4-RECVD_PKT_INV_SPI messages every 1 minute

jagoe
Level 1
Level 1

‎05-12-2004 11:29 PM - edited ‎03-09-2019 07:21 AM

ios version = 12.3(6a)

ios image = c1700-k9o3sy7-mz.123-6a.bin

vpn client = 4.0.3(F)

I've never seen this one before... Typically when a 4.0.3x vpn client session times out, I see the following two messages in the syslog output:

4128: May 12 16:47:46: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for

4129: <009>destaddr=xxx.xxx.xxx.xxx, prot=50, spi=0x99BA67EE(-1715836946), srcaddr=yyy.yyy.yyy.yyy

Then that's the end of the story. However, this morning I find my syslog logs filling up with the following:

...

4146: May 12 16:52:59: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for

4151: <009>destaddr=xxx.xxx.xxx.xxx, prot=50, spi=0x99BA67EE(-1715836946), srcaddr=yyy.yyy.yyy.yyy

4150: May 12 16:54:42: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for

4152: May 12 16:55:43: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for

4153: <009>destaddr=xxx.xxx.xxx.xxx, prot=50, spi=0x99BA67EE(-1715836946), srcaddr=yyy.yyy.yyy.yyy

4155: May 12 16:56:45: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for

4156: <009>destaddr=xxx.xxx.xxx.xxx, prot=50, spi=0x99BA67EE(-1715836946), srcaddr=yyy.yyy.yyy.yyy

4158: May 12 16:57:46: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for

4159: <009>destaddr=xxx.xxx.xxx.xxx, prot=50, spi=0x99BA67EE(-1715836946), srcaddr=yyy.yyy.yyy.yyy

4161: <009>destaddr=xxx.xxx.xxx.xxx, prot=50, spi=0x99BA67EE(-1715836946), srcaddr=yyy.yyy.yyy.yyy

4160: May 12 16:58:47: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for

4163: <009>destaddr=xxx.xxx.xxx.xxx, prot=50, spi=0x99BA67EE(-1715836946), srcaddr=yyy.yyy.yyy.yyy

4162: May 12 16:59:48: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for

4165: <009>destaddr=xxx.xxx.xxx.xxx, prot=50, spi=0x99BA67EE(-1715836946), srcaddr=yyy.yyy.yyy.yyy

4164: May 12 17:00:51: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for

...

The frequency is fairly regular, a message pair about once every minute. It seems as if the client is still trying to re-establish (every one minute) the tunnel with the old spi from the tunnel session that timed out.

Any suggestions or explanations?

Labels:
0 Helpful
1 Reply 1

jagoe
Level 1
Level 1

‎05-14-2004 01:16 AM

After 24 hours I got tired of the continuous stream of syslog messages. Resetting the router "solved" the problem.

This sounds like an ios vpn bug, doesn't it? Should open a ticket?

0 Helpful
Customers Also Viewed These Support Documents