[c-nsp] C65k: IPSEC packet has invalid spi for... - Thorsten Ziegler - net.nether.puck.cisco-nsp

1 message in net.nether.puck.cisco-nsp[c-nsp] C65k: IPSEC packet has invali...

From	Sent On	Attachments
Thorsten Ziegler	Jan 17, 2005 11:13 am

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	[c-nsp] C65k: IPSEC packet has invalid spi for...	Actions...
From:	Thorsten Ziegler (tzie...@imap.schlund.de)
Date:	Jan 17, 2005 11:13:55 am
List:	net.nether.puck.cisco-nsp

Hi,

since upgrading to 12.2(18)SXD3, i'm getting lot's of these messages:

84073: Jan 4 01:26:50: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for 84074: destaddr=224.0.0.18, prot=51, spi=0xAC1313F8(-1408035848), srcaddr=172.19.19.248 84077: Jan 4 01:27:50: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for 84078: destaddr=224.0.0.18, prot=51, spi=0xAC1304FB(-1408039685), srcaddr=172.19.4.251

I understand why these messages are appearing, but i'm not interested in these particular hosts as they are supposed to speak AH-secured VRRP - how can i disable logging of these messages? I alread have disabled most of crypto logging, but they are still appearing in my logs. Are there other way then filtering these packet bye acls?

Any ideas?

Thanks, Thorsten

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: