
Received encrypted packet with no matching SA, dropping

rbogman79
Level 1

Hello,

One of my customers has a problem with several VPN tunnels (site-to-site).

HQ: PIX515E v7.04

Branch Office: PIX501 v6.3(1)

In the morning around 12 branch offices need to connect to the HQ. When a branch office wants to connect, this will not work. In the logging I find a message: received encrypted packet with no matching SA, dropped.

When I start a ping in the HQ to the branch office, the VPN tunnel will be built. So the temporary solution at this moment is to start a ping to all the 12 branch offices in the morning.

Does anyone recognize this problem? Hopefully someone can help us.

Kind regards,

Ron

3 Replies

mmorris11
Level 4

It sounds like the tunnel is terminating at HQ during the night but not at the branch site. Are your timers the same?

Hello,

First, thanks for your tips & tricks. The timers are the same and the IKE policy is the same as well. I noticed something else, and that is that the clocks on several branch offices are not the same as in the HQ. Could this be some part of the problem?

Hello,

I found something else: in the IKE policy the SA lifetime is 86400 seconds (24 hours). In the IPSEC tunnel policy the SA lifetime is 8 hours or 4608000 kilobytes. Could this be the problem?

Kind regards,

Ron