Hot Downloads



The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: Vpn configurtaion issues

Vpn configurtaion issues 8 years 1 week ago #35451

Hello. I am working on setting up a VPN and I am getting this error message.

"Received encrypted packet with no matching SA, dropping"

I am fairly new to this so any help would be great. I can also do any show * commands if anyone needs to see anything.


Re: Vpn configurtaion issues 8 years 1 week ago #35466

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 1447
  • Karma: 8
  • Thank you received: 13

Can you please post both router configurations so we can check it for you ?

Chris Partsenidis.
Founder & Editor-in-Chief

Re: Vpn configurtaion issues 8 years 1 week ago #35467

I can post the config on my end. The remote site is using a Checkpoint ng R55 for their side.

I am also getting these errors when I view the log viewer in ASDM.

Received Oakley Main mode packet with invalid payloads
Warning: Had problems decrypting packet, probably due to mis-matched pre shared key, switching user to tunnel group. DefaultL2L Group
Error: Had problems decrypting packet, probably due to mismatched key, Aborting
Received encrypted packet with no matching SA, dropping

I know I have the correct Pre shared key on my side, they confirm that it is correct on their end

Re: Vpn configurtaion issues 8 years 1 week ago #35471

Actually now I believe the issue is 2 of the same VPNs trying to connect at one time. Myself and the remote site technician made the decision to remove the vpn and rebuild it. I discovered today that after removing the tunnel-group, access-lists and crypto map associated with their IP that the tunnel is still up.

How can I remove the VPN completely and start over? Thanks

Re: Vpn configurtaion issues 8 years 6 days ago #35476

  • Losh
  • Losh's Avatar
  • Offline
  • Distinguished Member
  • Distinguished Member
  • Posts: 103
  • Thank you received: 0
I was thinkn about ur slight problem & what i was thinking is that there were multiple Security Associations (S.A) tied 2 the same traffic defined by the crypto map. That means that the router on the other end is also receiving the same message. If ur thinkn of setting up new S.As then copy & paste ur config on a text editor,remove what u dont need then copy paste the new config to ur router,save to memory & reload. It always works 4 me.
~ Networking :- Just when u think its starting to make sense......... ~

Re: Vpn configurtaion issues 8 years 2 days ago #35492

Yea problem is this is a production box and I cant reload it during the day. And the kicker is, I cant work with the guys on the VPN at night due to time zone differences

Anywho, I put a TAC in with cisco and got the issue resolved. Even he was unsure as to why the ASDM would not build the tunnel

So instead of using the next crypto map number in series we jumped way ahead to 200 and it fixed the issue.
  • Page:
  • 1
Time to create page: 0.163 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup