Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
814
Views
1
Helpful
6
Replies

IPsec VPN

Go to solution
Mlex1
Spotlight
Spotlight

‎12-23-2024 03:30 AM - edited ‎12-23-2024 03:35 AM

Hello

configured vpn and all good, sometimes i see this log what it this? and also googled log and found this config 

crypto isakmp invalid-spi-recovery

%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=x.x.x.x, prot=50, spi=0x78629A0F(2019727887), srcaddr=x.x.x.x, input interface=interface gi0/0

 

 
Wish all the best
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP
In response to Mlex1

‎12-23-2024 09:56 PM

I send you PM check it

MHM

View solution in original post

0 Helpful
6 Replies 6

Go to solution
MHM Cisco World
VIP
VIP

‎12-23-2024 04:14 AM

Match lifetime in both Peer 

Use isakmp keepalive 

That all what you need

MHM

0 Helpful

Go to solution
Mlex1
Spotlight
Spotlight
In response to MHM Cisco World

‎12-23-2024 08:51 PM

isakmp keepalive  also have 

Wish all the best
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to Mlex1

‎12-23-2024 09:56 PM

I send you PM check it

MHM

0 Helpful

Go to solution
ccieexpert
VIP
VIP

‎12-23-2024 07:42 AM

this could happen for various reasons.. it indicates that ipsec sas are out of sync..One side (the other side) has it and this side does not have, so it has deleted it either cause there was some sort of connectivity issue, dpd failure, or some incmopatability where one side deleted it. Also could be a transient issue during a rekey etc.. if this causing traffic issues , then you should get some debugs to understand what is happening:

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/113594-trouble-ios-ike-00.html

 

0 Helpful

Go to solution
Mlex1
Spotlight
Spotlight
In response to ccieexpert

‎12-23-2024 08:56 PM

am i right this problem will not solve as you mentioned above, because this issue has several problems 

Wish all the best
0 Helpful

Go to solution
ccieexpert
VIP
VIP

‎12-24-2024 06:34 PM

it all depends on the root cause.. Sometimes it is normal to see the message during a rekey.

The main question is this affecting your environment or just a transient issue ?  having some debugs or historical logs may help us identify when and why this is happening. Again as i said earlier, it may be normal for a few of these, but you should only be concerned if it affecting traffic flows..

What is the other side of the VPN ? Cisco or something else ?

**please rate as helpful if this was useful**

Customers Also Viewed These Support Documents