B1izzard
asked on
Cisco IPSec send errors
I have set up 3 different VPN tunnels from Cisco routers (3640 & 2901) to an ASA 5505 firewall. Everything seems to work perfectly, but each router shows exactly 3 send errors initially; then, once the tunnels are up to the ASA, I do not get any errors. What causes this, and is it a concern?
2901-B#sh crypto ipsec sa
interface: GigabitEthernet0/0
Crypto map tag: CMAP, local addr 173.x.x.26
protected vrf: (none)
local ident (addr/mask/prot/port): (172.28.100.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (172.16.100.0/255.255.255.0/0/0)
current_peer 173.x.x.17 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 105, #pkts encrypt: 105, #pkts digest: 105
#pkts decaps: 110, #pkts decrypt: 110, #pkts verify: 110
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 3, #recv errors 0
local crypto endpt.: 173.x.x.26, remote crypto endpt.: 173.x.x.17
path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
current outbound spi: 0xB85E1905(3093174533)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0xF8C34C51(4173548625)
transform: esp-256-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2001, flow_id: Onboard VPN:1, sibling_flags 80000046, crypto map: CMAP
sa timing: remaining key lifetime (k/sec): (4557295/3548)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xB85E1905(3093174533)
transform: esp-256-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2002, flow_id: Onboard VPN:2, sibling_flags 80000046, crypto map: CMAP
sa timing: remaining key lifetime (k/sec): (4557304/3548)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
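To confirm the behaviour described in the question (a fixed number of send errors that stops growing once the tunnel is up), the following added example, which is not part of the original post, parses two captures of `show crypto ipsec sa` and reports per peer whether `#send errors` moved between them. The counter lines follow the format of the output above; the values in the second capture and the function names are constructed for illustration.

```python
import re

# Constructed samples: counter lines in the format shown above, captured at two times.
SNAP_EARLY = """\
current_peer 173.x.x.17 port 500
#pkts encaps: 105, #pkts encrypt: 105, #pkts digest: 105
#pkts decaps: 110, #pkts decrypt: 110, #pkts verify: 110
#send errors 3, #recv errors 0
"""
SNAP_LATER = """\
current_peer 173.x.x.17 port 500
#pkts encaps: 2105, #pkts encrypt: 2105, #pkts digest: 2105
#pkts decaps: 2230, #pkts decrypt: 2230, #pkts verify: 2230
#send errors 3, #recv errors 0
"""

# Matches both "#pkts encaps: 105" and "#send errors 3" (no colon).
COUNTER = re.compile(r"#([a-z. ]+?):? (\d+)")

def parse_sa_counters(text):
    """Return {peer: {counter_name: value}}, summing all SA blocks of a peer."""
    peers, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"current_peer (\S+)", line)
        if m:
            current = peers.setdefault(m.group(1), {})
        elif line.startswith("#") and current is not None:
            for name, value in COUNTER.findall(line):
                current[name] = current.get(name, 0) + int(value)
    return peers

def classify_send_errors(before_text, after_text):
    """Label each peer's send-error counter as static, growing, or reset."""
    before, after = parse_sa_counters(before_text), parse_sa_counters(after_text)
    result = {}
    for peer, now in after.items():
        prev = before.get(peer, {})
        delta = now.get("send errors", 0) - prev.get("send errors", 0)
        sent = now.get("pkts encaps", 0) - prev.get("pkts encaps", 0)
        if delta < 0 or sent < 0:
            result[peer] = "counters reset"  # SA cleared or device reloaded
        elif delta == 0:
            result[peer] = "static"
        else:
            result[peer] = f"growing (+{delta} over {sent} encaps)"
    return result

if __name__ == "__main__":
    print(classify_send_errors(SNAP_EARLY, SNAP_LATER))
```

A "static" result while `#pkts encaps` keeps rising matches what the question reports; a "growing" result means errors are still occurring after the tunnel is established.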