12-10-2006 08:54 PM - edited 02-21-2020 02:45 PM
Hi,
sh crypto ipsec sa peer X.X.X.X ?
What is the meaning of increasing send errors when I am executing the above command. I am seeing the send error count increasing and there is no change in"pkts encaps" & "Pkts decaps". This IPsec Tunnel is working and this is happenning for one new host that I have permitted.
12-12-2006 10:26 AM
Hi,
Usually u find send errors increase when the access list config is wrong .
Can u post ur access-list
Thanks
Raj
11-24-2014 11:31 PM
Hi; i am facing the same issue, a site-to-site vpn between cisco 3945 router and Fortigate
config :
crypto isakmp policy 100
encr 3des
authentication pre-share
group 2
!
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
mode tunnel
!
crypto map CRYPTO-VPN 155 ipsec-isakmp
set peer x.x.x.x
set security-association lifetime seconds 86400
set transform-set VPN-SET
set pfs group2
match address ACL-VPN
!
crypto isakmp key ????????????? address x.x.x.x
send errors increased just in one of the connections
the access list as below :
Extended IP access list ACL-VPN
10 permit ip host 10.255.129.185 host 10.1.1.15 (98 matches)
20 permit ip host 172.32.31.201 host 10.1.1.15 (25278 matches)
30 permit ip host 172.32.31.108 host 10.1.1.15 (2 matches)
60 permit ip host 172.25.25.32 host 10.1.1.15
70 permit ip host 172.25.25.25 host 10.1.1.15
80 permit ip 172.32.32.0 0.0.0.255 host 10.1.1.15 (64 matches)
when showing the sh crypto ipsec peer
local ident (addr/mask/prot/port): (172.32.32.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.1.1.15/255.255.255.255/0/0)
current_peer 10.136.136.26 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 4, #recv errors 0
10-24-2017 04:26 AM
Are there other suggestions?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: