I came across an issue with FLEX vpn
router 1 is a head office and it is connected to internet and we also have a branch office.
we were using ikev1 version and move to ikv2 version.
once the config for the ikv2 were applied we see this
%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=xxxxxxxxxx, prot=50, spi=0x15DD14C3(366810307), srcaddr=xxxxxxxxxxxxxx, input interface=FastEthernet0/1
the tunnel on both side were showing status up but the protocol down.
after spending a count less hours.i notice one thing when we moved to ikv2 version. we give command on both router
no crypto isakmp enable
when we give command on both router again
crypto isakmp enable the ikv2 connection come up. does this right.
As Philip D'Ath said this command (no crypto isakmp enable) disable overall IKE processing on the device so now this doesn't matter you configuring IKE1 or IKE2 . And yah you did right.