I have a l2l VPN between a PIX 520 6.3(5) and a PIX 506 6.3(5) and i noticed today that the 520 is logging the following message .
IPSEC(cipher_ipsec_request): decap failed for [peer] -> [pix] IPSEC(sw_esp_decap): fail antireplay check
I did a clear cry isakmp sa and clear cry ipsec sa on both PIX and the message didn't reappear since but i am not sure if it resolved the problem .
But what exactly is the antireplay check and what can i conclude from this message ?
transform-set is esp-3des esp-sha-hmac