Re: received IKE message with invalid SPI from other side

mautez_mah · ‎01-23-2021

there are two Tunnels in NSX edge

1- one between NSX to branch ( Sophos FW ) and it is working fine no issue

2- another one in the same NSX and other sites ( Sophos ) also and we have some times ( 3-4) disconnection for 30 sec

and I have attached the Log when disconnection has happened, (received IKE message with invalid SPI from another side)
is there anyone who has a good solution for this

balaji.bandi · ‎01-23-2021

what kind of cisco device is this, what is the code running, can you share more information or config to understand the problem correctly.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mautez_mah · ‎01-23-2021

no cisco Devices it is between NSX-Edge and sphose and the configuration is correct because we faced this issue just some times for 30 sec

balaji.bandi · ‎01-23-2021

Not sure if this is not related to any cisco devices, you posting the wrong forum or community (hope if i am not wrong here ?)

here is some reference link for the respected diagnosis :

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.troubleshooting.doc/GUID-F2B7A75D-496C-48B0-A35D-02FE3724EAA7.html

https://community.sophos.com/xg-firewall/f/discussions/118581/ike-message-with-invalid-spi

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎01-23-2021

can I see the Nexus Config ?