Hi All,
First off, I'd like to say "What a great group!". I've been lurking for years, and an off/on contributor, and I don't think that I've found any resource as valuable as this group. So thanks and keep up the great work folks!!!
Now then, I've been receiving the following error (%CRYPTO-4-RECVD_PKT_INV_IDENTITY) on my core WAN routers, and I have not found a reason for it. I went to Cisco's dubious value error message decoder, and all that it could say was this:
%CRYPTO-4-RECVD_PKT_INV_IDENTITY: [chars] (ip) dest_addr= [IP_address], src_addr= [IP_address], prot= [dec] (ident) local=[IP_address], remote=[IP_address] local proxy=[IP_address]/[IP_address]/[dec]/[dec], remote_proxy=[IP_address]/[IP_address]/[dec]/[dec]
A decapsulated IPSec packet does not match its negotiated identity. The peer is sending other traffic through this SA. This condition may be due to an SA selection error by the peer. This condition might be considered a hostile event.
I'm pretty sure at this point that its not a hostile event, but of course anything is possible. We encrypt everything that goes over any shared media (to include DS3 and T1s) due to HIPPA regulations, so we have a bunch of SAs terminated on these boxes. Here is the output of the show version command. I would also paste the config here, or at least part of it, but that isn't allowed because of higher ups that don't understand how IT works, and therefore have made sharing ANY parts of a config verboten.
Cisco Internetwork Operating System Software IOS (tm) 7200 Software (C7200-DK2O3S-M), Version 12.1(19)E6, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) TAC Support:
ROM: System Bootstrap, Version 12.2(4r)B2, RELEASE SOFTWARE (fc2) BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.1(8a)E, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
WAN-7206-1 uptime is 1 year, 8 weeks, 2 days, 22 hours, 43 minutes System returned to ROM by reload at 07:59:32 UTC Wed Jan 21 2004 System restarted at 23:08:17 daylight Wed Jan 21 2004 System image file is "disk0:c7200-dk2o3s-mz.121-19.E6.bin"
cisco 7206VXR (NPE400) processor (revision A) with 114688K/16384K bytes of memory. Processor board ID 28711167 R7000 CPU at 350Mhz, Implementation 39, Rev 3.3, 256KB L2, 4096KB L3 Cache
6 slot VXR midplane, Version 2.7Last reset from power-on Bridging software. X.25 software, Version 3.0.0. Primary Rate ISDN software, Version 1.1.
PCI bus mb0_mb1 has 400 bandwidth points PCI bus mb2 has 480 bandwidth points
2 FastEthernet/IEEE 802.3 interface(s) 2 Serial network interface(s) 8 Channelized T1/PRI port(s) 2 Channelized T3 port(s) 1 Integrated service adapter(s) 125K bytes of non-volatile configuration memory.47040K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
8192K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102Thanks in advance for any light that y'all can shed on this!!
Regards,
-Richard