Message Code | PIX-4-402101 |
Severity | Warning |
Description | Decaps: rec'd IPSEC packet has invalid spi for destaddr=dest_address, prot=protocol, spi=number |
Explanation | Received IPSec packet specifies a security parameters index (SPI) that does not exist in the security association database (SADB). This may be a temporary condition due to slight differences in aging of SAs between the IPSec peers or it may be due to the clearing of the local SAs. This condition may also be caused by incorrect packets sent by the IPSec peer. This may also be an attack. |
User Action | The peer may not acknowledge that the local SAs have been cleared. If a new connection is established from the local router, the two peers may then reestablish successfully. If the problem occurs for more than a brief period, either attempt to establish a new connection or contact the peer's administrator. |
Reference Links |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.