
decaps: rec'd IPSEC packet has invalid spi for destaddr

rsinghnyc
Level 1

Greetings,

I have a PIX 515 v. 6.1(1)

My SysLog Daemon is showing the following error message about every 10-15 minutes.

Local4.Warning X.X.X.X %PIX-4-402101: decaps: rec'd IPSEC packet has invalid spi for destaddr=X.X.X.X, prot=esp, spi=0xa9b2953e(0)

Is this an attack, or a peer not clearing IPSEC SAs? Something else entirely?

1 Reply

cleidh_mor
Level 1

This message just means that your PIX is receiving IPSec-encrypted data when it's not expecting any, or that the data is from the wrong source. It could indicate an attempted man-in-the-middle attack(?). Try turning on debug crypto ipsec and see if you recognise the source address. If you don't recognise it, try shunning it.
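
One way to triage the recurring message from the question, as an added example that is not part of the original thread: it parses %PIX-4-402101 lines and groups them by destination, protocol and SPI to show how often and how regularly each SPI recurs. The timestamp prefix, the sample lines and the function name `summarize` are assumptions; the message as quoted carries no source address, which is why the reply turns to the debug output for that.

```python
import re
from collections import defaultdict
from datetime import datetime

# Body of the %PIX-4-402101 message as quoted in the post.
# The trailing "(N)" is matched but not interpreted.
MSG_RE = re.compile(
    r"%PIX-4-402101: decaps: rec'd IPSEC packet has invalid spi for "
    r"destaddr=(?P<dest>\S+), prot=(?P<prot>\w+), spi=(?P<spi>0x[0-9a-fA-F]+)\(\d+\)"
)
# Assumption: the syslog daemon prefixes each line with "YYYY-MM-DD HH:MM:SS".
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s")
TS_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample lines (documentation addresses, not taken from the post).
SAMPLE_LOG = """\
2024-01-10 09:00:05 Local4.Warning 192.0.2.1 %PIX-4-402101: decaps: rec'd IPSEC packet has invalid spi for destaddr=192.0.2.1, prot=esp, spi=0xa9b2953e(0)
2024-01-10 09:05:00 Local4.Info 192.0.2.1 unrelated message (constructed)
2024-01-10 09:12:05 Local4.Warning 192.0.2.1 %PIX-4-402101: decaps: rec'd IPSEC packet has invalid spi for destaddr=192.0.2.1, prot=esp, spi=0xa9b2953e(0)
2024-01-10 09:15:30 Local4.Warning 192.0.2.1 %PIX-4-402101: decaps: rec'd IPSEC packet has invalid spi for destaddr=192.0.2.1, prot=esp, spi=0x1c44d0aa(0)
2024-01-10 09:24:05 Local4.Warning 192.0.2.1 %PIX-4-402101: decaps: rec'd IPSEC packet has invalid spi for destaddr=192.0.2.1, prot=esp, spi=0xA9B2953E(0)
"""

def summarize(log_text):
    """Group 402101 events by (destaddr, prot, spi) and report recurrence."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m, ts = MSG_RE.search(line), TS_RE.match(line)
        if not m or not ts:
            continue  # not a 402101 line, or no parsable timestamp
        key = (m["dest"], m["prot"], m["spi"].lower())
        seen[key].append(datetime.strptime(ts.group(1), TS_FMT))
    report = {}
    for key, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[key] = {
            "count": len(times),
            "first": times[0],
            "last": times[-1],
            "mean_gap_s": sum(gaps) / len(gaps) if gaps else None,
        }
    return report

if __name__ == "__main__":
    for (dest, prot, spi), r in sorted(summarize(SAMPLE_LOG).items()):
        print(dest, prot, spi, r["count"], r["first"], r["last"], r["mean_gap_s"])
```

A single SPI repeating at a steady interval is what a peer still using an SA the PIX no longer holds would produce; that reading is a heuristic, not something the message itself states.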