Loading...
Loading...
%CRYPTO-4-RECVD_PKT_INV_SPI: syslog printed even without IPSec being configured.
It is reported in this CDETS that is Observed on Cisco Switching Platforms, however this can be observed on any device (switch/router) and with or without IPSEC config.
Apply infrastructure ACLS and drop protocol 50 (ESP).
This log is printed when an ESP packet is received for which we do not have a IPSec session with the source of the packet. In case this log is observed on a device where IPSec is not configured then the actual problem is how the ESP packet is sent to this device, and that is to be fixed in the first place. This can be observed even with IPSec config as well, if we have an IPSec session with multiple peers, however, we are receiving an ESP packet from a new/unknown peer destined for this node then even that would result in this log message pointing that we have received a ESP data packet with invalid SPI.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.