pkts invalid identity

[Svanen]

Hi!

I get this error "pkts invalid identity", does anyone know what it means?

Thanks!!

Johan

#pkts encaps: 306841, #pkts encrypt: 306841, #pkts digest 306841
#pkts decaps: 306726, #pkts decrypt: 341757, #pkts verify 341757
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#pkts no sa (send) 78, #pkts invalid sa (rcv) 0
#pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0
#pkts invalid prot (recv) 0, #pkts verify failed: 0
#pkts invalid identity (recv) 35031, #pkts invalid len (rcv) 0
#pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0
##pkts replay failed (rcv): 0
#pkts internal err (send): 0, #pkts internal err (recv) 0

 

[dopehead]

Sounds like an SA that has timed out in one end but the other end is still sending packets with that SPI and so these are invalid/unknown id's from your pix point of view.

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec

 

[Svanen]

Is there a way to clear isakmp/ipsec sa just for this tunnel, or is the only solution to clear all sa's or reload the pix, i don't want to do that...

 

[Svanen]

Jan: Thanks for your reply..