Receiving EST packet failed authentication error for only one client

I have an IPSEC VPN set up on an ASA 5520. I have a few clients on it for testing purposes. All clients are working fine, except one that I keep receiving this message for:

IPSEC: Received an ESP packet (SPI= 0xA71AC130, sequence number= 0xB2C57) from (his external IP)(user= XXX) to (our ext. IP) that failed authentication.

I get the error in ~20 second intervals. He is passing traffic and not noticiing any problems, but this error is annoying. Any idea what is going on?
downscmAsked:
Who is Participating?
 
harbor235Commented:


Looks like the payload of some of his packets are being changed somewhere between creation and receiving them on your end. ESP encrypts and does integrity checking on the payload or the embeded IP packet only. Could be his NIC is having issues, check for input/output errors on his end or your receiveing end, or on any switch ports in between. The payload has changed somewhere in the path.

harbor235 ;}
0
 
harbor235Commented:
Sounds like its this client though, because no other clients have this issue(correct), it could be anywhere in his infrastructure from the time it is created to the time it gets routed to you.

harbor235 ;}
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.