cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1940
Views
0
Helpful
0
Comments
TCC_2
Advocate
Advocate

Core issue

The received IPsec packet specifies a security parameters index (SPI) that does not exist in the security association database (SADB). This can be a temporary condition due to slight differences in the aging of security associations (SAs) between the IPsec peers or it can be due to the clearing of the local SAs. This condition can also be caused by incorrect packets sent by the IPsec peer.

Note: This can also be an attack.

Resolution

The peer may not acknowledge that the local SAs have been cleared. If a new connection is established from the local router, the two peers can then reestablish successfully. Otherwise, if the problem occurs for more than a brief period, either attempt to establish a new connection or contact the peer's administrator.

For more information about PIX Firewall syslog messages, refer to Cisco PIX Firewall System Log Messages, Version 6.3 and Cisco Security Appliance System Log Messages, Version 7.0.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links