show crypto ipsec sa peer
 #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0  
 #pkts decaps: 170, #pkts decrypt: 170, #pkts verify: 170
Its a vpn between cisco router and check point. Does anyone know the reason why packets are being decrypted but not encapsulated.
And as result end to end connectiveity is not working.

Who is Participating?
Jimmy Larsson, CISSP, CEHConnect With a Mentor Network and Security consultantCommented:
This is a common issue. When you see that you have packets decaps´d but not encaps´d it means that the tunnel is fully setup and you are receiving packets, but you are not sending any packets back. The far most common reason for this is some kind of routing- or nat-issue. For example if your nat is misconfigured the outbound source address is not correct, is not hitting the crypto map and therefore "misses" the vpn-tunnel.

Please post your config here for further help with troubleshooting.

tech2010Author Commented:
yes it was a routing issue.
Can you give me an example of what you did. I'm running into the same issue.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.