Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1077
Views
0
Helpful
1
Replies

ESP error 402116

charlie.ford
Level 1
Level 1

‎05-10-2012 06:39 AM

I would like to ask your help solving a VPN issue with the device on the far end.

I have one established IPSec tunnel between the host at the far end. When they try to eatablise a second IPSec tunnel to our seconf IP we get this error

May  9 18:51:51 odc-np-gw %ASA-4-402116: IPSEC: Received an ESP packet (SPI= 0x47995CC7, sequence number= 0xCF) from 23.24.138.185 (user= 23.24.138.185) to 205.144.144.4.  The decapsulated inner packet doesn't match the negotiated policy in the SA.  The packet specifies its destination as 205.144.158.29, its source as 23.24.138.189, and its protocol as icmp.  The SA specifies its local proxy as 205.144.158.30/255.255.255.255/ip/0 and its remote_proxy as 23.24.138.189/255.255.255.255/ip/0.

23.24.138.185 is the far end peer

205.144.144.4 is the local peer

23.24.138.189 is the remote configured protected host

205.144.158.29 is the local configured protected host

205.144.158.30 is the working local configured protected host

I can supply everything if you wish but I just need some direction. I believe we have a Cisco 5540 on the far end also.

Labels:
0 Helpful
1 Reply 1

Mohammad Alhyari
Cisco Employee
Cisco Employee

‎05-16-2012 12:50 PM

HI Mate ,

before focusing on this message , what about the following :

IKE phase 1

IKE phase 2

debug cry isa

debug cry ipsec

show cry isa sa

show crypto ipsec sa peer

cheers.

Mohammad.

0 Helpful
Customers Also Viewed These Support Documents