11-13-2015 06:03 AM - edited 02-21-2020 08:33 PM
Hi Team,
As the title says, just curious: what's the significance of "pkts not compressed" in "show crypto ipsec sa"? This counter seems to be the same as pkts encaps in some cases.
#pkts encaps: 11111, #pkts encrypt: 11111, #pkts digest: 11111
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 11111, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0
Regards
11-13-2015 10:35 AM
Hi,
This field is significant when we use data compression for VPNs under the transform set.
LZS compression is only supported on AnyConnect, SSL and IPsec remote access VPNs and not on LAN-to-LAN tunnels. It is not supported for IKEv2 connections.
Compression was designed for high-latency, low-bandwidth connections (in both SSL and IPsec). It requires additional processing in software on the client side and should be carefully considered when applying.
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
09-24-2021 05:56 PM
Be sure that ESP has been allowed to your VPN device on your outside ACL inbound:
permit esp host <s2s-VPN-Peer-IP> any
We found that a router sitting in front of our ASA, with ACLs for security, was preventing ESP packets from getting into our ASA.
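An added example, not part of any post in this thread and not Cisco code: a Python sketch that parses the "show crypto ipsec sa" counters quoted in the first post and flags the two conditions discussed above, whether the compression counters show any activity and whether traffic flows in one direction only (encaps without decaps), which is the symptom a blocked inbound ESP path would produce. The function names and finding labels are hypothetical, chosen for this example.

```python
import re

# Constructed sample: counters copied from the output quoted in the first post.
SAMPLE = """\
#pkts encaps: 11111, #pkts encrypt: 11111, #pkts digest: 11111
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 11111, #pkts comp failed: 0, #pkts decomp failed: 0
#send errors: 0, #recv errors: 0
"""

# Each counter appears as "#<name>: <integer>", several per line.
COUNTER_RE = re.compile(r"#([A-Za-z][A-Za-z \-]*?):\s*(\d+)")


def parse_counters(text):
    """Return {lower-cased counter name: int} for every '#name: value' pair."""
    return {name.strip().lower(): int(val) for name, val in COUNTER_RE.findall(text)}


def assess(counters):
    """Return findings (hypothetical labels) for one SA's counters."""
    def get(key):
        return counters.get(key, 0)

    findings = []
    comp_failed = get("pkts comp failed") + get("pkts decomp failed")
    comp_active = get("pkts compressed") + get("pkts decompressed") + comp_failed
    if comp_active == 0:
        # Nothing was ever handed to the compressor on this SA.
        findings.append("compression-not-in-use")
    elif comp_failed:
        findings.append("compression-failures")
    # Traffic in one direction only: assumed here to be a hint that the
    # peer's ESP is not arriving (or ours is not reaching the peer).
    if get("pkts encaps") > 0 and get("pkts decaps") == 0:
        findings.append("one-way-outbound")
    if get("pkts decaps") > 0 and get("pkts encaps") == 0:
        findings.append("one-way-inbound")
    if get("send errors") or get("recv errors"):
        findings.append("send-or-recv-errors")
    return findings


if __name__ == "__main__":
    for finding in assess(parse_counters(SAMPLE)):
        print(finding)
```

A "one-way-outbound" finding on a site-to-site tunnel is the cue to check that ESP is permitted inbound on every device in front of the VPN endpoint, as the last reply describes.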