Hi,
I keep getting these messages on my Cisco router. When these messages
show up the VPN goes down for a few minutes and then automatically fixes
itself after a few more minutes. Here's the message:

IPSEC (decapsulation):error is decapsulation crypto ipsec_sa_exists.
crypto-4-recvd_inv_SPI: decaps: rec'd IPSEC packet has invalid SPI
destaddr=x.x.x.x, prot=50,spi=0x2f0j2500 ( 535353526)


The remote office Cisco router is connected to my firewall using an IPSEC
VPN. It's using IKE for the keys. On the Checkpoint firewall1 encryption
properties tab it says "renegotiate IKE SA every 52 minutes" and
"renegotiate IPSEC SA's every 3600 seconds".

On the Cisco router, if I do "sh crypto isakmp policy", I see the
lifetime set for 3120 seconds (which equates to 52 minutes). If I do a
"sh crypto ipsec security-association-lifetime", I see 4608000
kilobytes/3600 seconds, which also matches the Checkpoint properties tab.



Any help is appreciated.


--


John A. Gesualdi,    CCNP, CCDP, MCSE 2000
[EMAIL PROTECTED]
The Providence Journal Company
Phone (401)277-8133
Pager (401)785-6938




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35890&t=35890