Event ID - ASA-4-402114

Message CodeASA-4-402114
SeverityWarning
DescriptionIPSEC: Received an protocol packet (SPI=spi, sequence number=seq_num) from remote_IP to local_IP with an invalid SPI.
  • protocol—IPSec protocol.
  • spi—IPSec Security Parameter Index
  • seq_num—IPSec sequence number
  • remote_IP—IP address of the remote endpoint of the tunnel.
  • username—Username associated with the IPSec tunnel.
  • local_IP—IP address of the local endpoint of the tunnel
ExplanationThis message is displayed when an IPSec packet is received that specifies an SPI that does not exist in the SA database. This may be a temporary condition caused by slight differences in aging of SAs between the IPSec peers, or it may be because the local SAs have been cleared. It may also indicate incorrect packets sent by the IPSec peer, which may be part of an attack. This message is rate limited to no more than one message every five seconds.
User ActionThe peer may not acknowledge that the local SAs have been cleared. If a new connection is established from the local router, the two peers may then reestablish successfully. Otherwise, if the problem occurs for more than a brief period, either attempt to establish a new connection or contact the peer administrator.
Reference Links

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh