VPN configuration issues
14 years 2 months ago #35451
by 1fox2go
VPN configuration issues was created by 1fox2go
Hello. I am working on setting up a VPN and I am getting this error message.
"Received encrypted packet with no matching SA, dropping"
I am fairly new to this so any help would be great. I can also do any show * commands if anyone needs to see anything.
Thanks
14 years 2 months ago #35466
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: VPN configuration issues
1fox2go,
Can you please post both router configurations so we can check them for you?
Thanks.
14 years 2 months ago #35467
by 1fox2go
Replied by 1fox2go on topic Re: VPN configuration issues
I can post the config on my end. The remote site is using a Checkpoint ng R55 for their side.
I am also getting these errors when I view the log viewer in ASDM.
Received Oakley Main mode packet with invalid payloads
Warning: Had problems decrypting packet, probably due to mis-matched pre shared key, switching user to tunnel group. DefaultL2L Group
Error: Had problems decrypting packet, probably due to mismatched key, Aborting
Received encrypted packet with no matching SA, dropping
I know I have the correct pre-shared key on my side; they confirm that it is correct on their end.
14 years 2 months ago #35471
by 1fox2go
Replied by 1fox2go on topic Re: VPN configuration issues
Actually now I believe the issue is 2 of the same VPNs trying to connect at one time. Myself and the remote site technician made the decision to remove the VPN and rebuild it. I discovered today that after removing the tunnel-group, access-lists and crypto map associated with their IP that the tunnel is still up.
How can I remove the VPN completely and start over? Thanks
14 years 2 months ago #35476
by Losh
~ Networking :- Just when u think its starting to make sense......... ~
____________________________________________
CCNA, CCNP, CCNA Security, JNCIA, APDS, CISA
Replied by Losh on topic Re: VPN configuration issues
I was thinking about your slight problem, and what I was thinking is that there were multiple Security Associations (SAs) tied to the same traffic defined by the crypto map. That means that the router on the other end is also receiving the same message. If you're thinking of setting up new SAs, then copy and paste your config into a text editor, remove what you don't need, then copy and paste the new config to your router, save to memory and reload. It always works for me.
14 years 2 months ago #35492
by 1fox2go
Replied by 1fox2go on topic Re: VPN configuration issues
Yeah, the problem is this is a production box and I can't reload it during the day. And the kicker is, I can't work with the guys on the VPN at night due to time zone differences.
Anywho, I put a TAC in with Cisco and got the issue resolved. Even he was unsure as to why the ASDM would not build the tunnel.
So instead of using the next crypto map number in series we jumped way ahead to 200 and it fixed the issue.