[c-nsp] C65k: IPSEC packet has invalid spi for...
Thorsten Ziegler
tziegler+cisco-nsp at imap.schlund.de
Mon Jan 17 05:43:26 EST 2005
Hi,
since upgrading to 12.2(18)SXD3, i'm getting lot's of these messages:
84073: Jan 4 01:26:50: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC
packet has invalid spi for
84074: destaddr=224.0.0.18, prot=51, spi=0xAC1313F8(-1408035848),
srcaddr=172.19.19.248
84077: Jan 4 01:27:50: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC
packet has invalid spi for
84078: destaddr=224.0.0.18, prot=51, spi=0xAC1304FB(-1408039685),
srcaddr=172.19.4.251
I understand why these messages are appearing, but i'm not interested in
these particular hosts as they are supposed to speak AH-secured VRRP -
how can i disable logging of these messages? I alread have disabled most
of crypto logging, but they are still appearing in my logs. Are there
other way then filtering these packet bye acls?
Any ideas?
Thanks,
Thorsten
More information about the cisco-nsp
mailing list