Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
674
Views
0
Helpful
6
Replies

VPN receive errors

baskervi
Level 1
Level 1

‎09-08-2005 02:01 AM - edited ‎02-21-2020 01:57 PM

I saw the previous post on VPN error codes. I have a similar problem between a PIX-515 and a Netscreen:

#pkts encaps: 837, #pkts encrypt: 837, #pkts digest 837

#pkts decaps: 872, #pkts decrypt: 26075, #pkts verify 26075

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0

#send errors 8, #recv errors 25203

Traffic sent from the Netscreen end shows up as recv errors, while packets sent from the PIX end are delivered successfully end to end. We have another VPN tunnel to a second Netscreen (not sure of the firmware revisions) that is working. Any ideas on what could be causing this?

Labels:
0 Helpful
6 Replies 6

umedryk
Level 5
Level 5

‎09-15-2005 06:15 AM

Here is a sample configuration for tunnels between PIX and netscreen, you could check if you have missed out any of the required configuration : http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801c4445.shtml

0 Helpful

baskervi
Level 1
Level 1
In response to umedryk

‎09-15-2005 08:30 AM

I saw this link. I build a lot of VPN tunnels, and hence debug quite a bit. The puzzling part is that neither end registers any problems - the tunnel negotiates just fine. This tunnel is defined only between two host IPs, and I'm beginning to wonder if there is something flakey on the remote host.

0 Helpful

jackko
Level 7
Level 7

‎09-15-2005 06:38 PM

the pix receives some packets which are not encapsulated correctly.

#pkts decaps: 872 plus #recv errors 25203 equals to #pkts decrypt: 26075

in other words, the pix didn't decapsulate these packets but yet it did decrypt them and of course it will become an error. not too sure why the pix will still go ahead to decrypt those packets, i thought that the pix would have dropped the packet since it should be encapsulated.

0 Helpful

thomaszhong
Level 1
Level 1

‎10-04-2005 05:58 AM

Hello,

Our company want to create vpn connection between headquarter and branch offices ,and we have a pix515 and 2 netscreen .

Is your vpn connection created between pix and netcreen(no router between them?) can you tell me how to do this?

Thank you !

0 Helpful

baskervi
Level 1
Level 1
In response to thomaszhong

‎10-04-2005 07:14 AM

I have no idea how many routers are between them - there are two separate companies across the Internet. Here is a configuration guide:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801c4445.shtml

0 Helpful

naveen_b81
Level 1
Level 1
In response to baskervi

‎08-05-2007 10:16 PM

Hi baskervi,

I am also facing a similar error. Did u find a solution for this? Could it be related to the MTU size of the received packet?

0 Helpful
Customers Also Viewed These Support Documents