Guest

Preview Tool

Cisco Bug: CSCtd47420 - GETVPN - CRYPTO-4-RECVD_PKT_NOT_IPSEC reported for pkt not matching flow

Last Modified

Feb 08, 2017

Products (1)

  • Cisco IOS

Known Affected Releases

15.0(1)M

Description (partial)

Symptom:
With GETVPN, when a receiver receives an IPSec packet that doens't match
anything in its SADB, the router would log a message like this:

*Nov 25 19:28:57.607: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an
IPSEC packet. (ip) vrf/dest_addr= /192.168.14.2, src_addr= 192.168.13.2, prot= 50

Instead, the router should log a %CRYPTO-4-RECVD_PKT_INV_SPI message since 
the packet received is an IPSec packet.

Conditions:
This problem occurs when a GETVPN receiver receives an an IPSec packet that 
doens't match any SAs in its database.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.