06-11-2016 08:46 AM - edited 02-21-2020 08:51 PM
I came across an issue with FLEX vpn
router 1 is a head office and it is connected to internet and we also have a branch office.
we were using ikev1 version and move to ikv2 version.
once the config for the ikv2 were applied we see this
%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=xxxxxxxxxx, prot=50, spi=0x15DD14C3(366810307), srcaddr=xxxxxxxxxxxxxx, input interface=FastEthernet0/1
the tunnel on both side were showing status up but the protocol down.
after spending a count less hours.i notice one thing when we moved to ikv2 version. we give command on both router
no crypto isakmp enable
when we give command on both router again
crypto isakmp enable the ikv2 connection come up. does this right.
06-11-2016 09:52 PM
I don't know the answer, but I would say it globally disables all IKE processing, not just IKEv1.
06-12-2016 04:33 AM
As Philip D'Ath said this command (no crypto isakmp enable) disable overall IKE processing on the device so now this doesn't matter you configuring IKE1 or IKE2 . And yah you did right.
Rate comment...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide