We have several IPSEC tunnels to all kinds of different routers. When I enable "debug crypto ipsec" I get occasional messages like this:
IPSEC(epa_des_crypt): decrypted packet failed SA identity check
I know what it means and how to solve it, but unfortunately there is no reference to what SA it is related to.
Is there really no way to get this information? Anything pointing to the source of the problem would be welcome... (remote IP address, SA number, etc)