• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1606
  • Last Modified:


show crypto ipsec sa peer
 #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0  
 #pkts decaps: 170, #pkts decrypt: 170, #pkts verify: 170
Its a vpn between cisco router and check point. Does anyone know the reason why packets are being decrypted but not encapsulated.
And as result end to end connectiveity is not working.

1 Solution
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
This is a common issue. When you see that you have packets decapsĀ“d but not encapsĀ“d it means that the tunnel is fully setup and you are receiving packets, but you are not sending any packets back. The far most common reason for this is some kind of routing- or nat-issue. For example if your nat is misconfigured the outbound source address is not correct, is not hitting the crypto map and therefore "misses" the vpn-tunnel.

Please post your config here for further help with troubleshooting.

tech2010Author Commented:
yes it was a routing issue.
Can you give me an example of what you did. I'm running into the same issue.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now