Message Code | PIX-4-402116 |
Severity | Warning |
Description | "IPSEC: Received an protocol packet (SPI=spi, sequence number= seq_num) from remote_IP (username) to local_IP. The decapsulated inner packet doesn’t match the negotiated policy in the SA. The packet specifies its destination as pkt_daddr, its source as pkt_saddr, and its protocol as pkt_prot. The SA specifies its local proxy as id_daddr/id_dmask/id_dprot/id_dport and its remote proxy as id_saddr/id_smask/id_sprot/id_sport." |
Explanation | This message is displayed when a decapsulated IPSec packet does not match the negotiated identity. The peer is sending other traffic through this security association. It may be due to a security association selection error by the peer, or it may be part of an attack. This message is rate limited to no more than one message every five seconds.
protocol—IPSec protocol
spi—IPSec Security Parameters Index
seq_num—IPSec sequence number
remote_IP—IP address of the remote endpoint of the tunnel
username—Username associated with the IPSec tunnel
local_IP—IP address of the local endpoint of the tunnel
pkt_daddr—Destination address from the decapsulated packet
pkt_saddr—Source address from the decapsulated packet
pkt_prot—Transport protocol from the decapsulated packet
id_daddr—Local proxy IP address
id_dmask—Local proxy IP subnet mask
id_dprot—Local proxy transport protocol
id_dport—Local proxy port
id_saddr—Remote proxy IP address
id_smask—Remote proxy IP subnet mask
id_sprot—Remote proxy transport protocol
id_sport—Remote proxy port |
User Action | Contact the peer administrator and compare policy settings. |
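When triaging this message before contacting the peer administrator, it helps to see which selector the inner packet actually violated. The following is an added example, not vendor code: the pattern is derived from the message template above, the sample line and its addresses are constructed, and treating a proxy protocol of 0 as "any protocol" is an assumption.

```python
import ipaddress
import re

def _ip(name):
    return r"(?P<%s>\d+(?:\.\d+){3})" % name

def _proxy(p):  # addr/mask/protocol/port, whitespace tolerated around slashes
    return (_ip(f"id_{p}addr") + r"\s*/\s*" + _ip(f"id_{p}mask")
            + rf"\s*/\s*(?P<id_{p}prot>\w+)\s*/\s*(?P<id_{p}port>\w+)")

# Field names follow the placeholders in the message description.
PATTERN = re.compile(
    r"Received an (?P<protocol>\S+) packet \(SPI=\s*(?P<spi>\S+), "
    r"sequence number=\s*(?P<seq_num>\S+)\) from " + _ip("remote_IP")
    + r" \((?P<username>[^)]*)\) to " + _ip("local_IP")
    + r".*?destination as " + _ip("pkt_daddr")
    + r"\s*, its source as " + _ip("pkt_saddr")
    + r"\s*, and its protocol as (?P<pkt_prot>\w+)"
    + r".*?local proxy as " + _proxy("d")
    + r"\s+and its remote proxy as " + _proxy("s"),
    re.S)

def check_402116(message):
    """Return the selectors the inner packet violates, or None if no match."""
    m = PATTERN.search(message)
    if m is None:
        return None
    f = m.groupdict()
    local = ipaddress.ip_network(f"{f['id_daddr']}/{f['id_dmask']}", strict=False)
    remote = ipaddress.ip_network(f"{f['id_saddr']}/{f['id_smask']}", strict=False)
    violated = []
    if ipaddress.ip_address(f["pkt_daddr"]) not in local:
        violated.append("destination")
    if ipaddress.ip_address(f["pkt_saddr"]) not in remote:
        violated.append("source")
    # Assumption: proxy protocol 0 means "any". The message carries no packet
    # ports, so the proxy ports cannot be compared here.
    if f["id_dprot"] != "0" and f["id_dprot"] != f["pkt_prot"]:
        violated.append("protocol")
    return violated

# Constructed sample line (documentation address ranges, not a real capture).
SAMPLE = ("%PIX-4-402116: IPSEC: Received an ESP packet (SPI=0x1A2B3C4D, "
          "sequence number=0x2F) from 198.51.100.7 (user=site-b) to 203.0.113.1. "
          "The decapsulated inner packet doesn't match the negotiated policy in "
          "the SA. The packet specifies its destination as 10.1.5.20, its source "
          "as 172.16.9.9, and its protocol as 6. The SA specifies its local proxy "
          "as 10.1.0.0/255.255.0.0/0/0 and its remote proxy as "
          "10.2.0.0/255.255.255.0/0/0.")
```

A result of `["source"]` points at the peer sending traffic from a network outside the negotiated remote proxy, which is the detail to raise when comparing policy settings.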