ScreenOS Firewalls (NOT SRX)
Reply
Contributor
joshuasanders
Posts: 71
Registered: ‎05-03-2010
0

Re: IPsec tunnel received a packet with bad SPI

Clayton,

   Did this ever get resolved?  I'm experiencing the same issue on a NS5GT.

-Joshua

 

Contributor
haas
Posts: 110
Registered: ‎06-27-2008
0

Re: IPsec tunnel received a packet with bad SPI

I would like to see an update on this also.

Jason J. Wald
Juniper Networks Certified
Internet Associate - FWV
Contributor
Clayton
Posts: 26
Registered: ‎01-06-2009
0

Re: IPsec tunnel received a packet with bad SPI

[ Edited ]

I wish I could say there was a resolution but everything Juniper support had me try did not work.  I was checking here just today to see if anyone came up with a solution.

Visitor
FlorianK
Posts: 2
Registered: ‎05-23-2010
0

Re: IPsec tunnel received a packet with bad SPI

Hey everyone,

I know this post is very old, but maybe it's still interesting for someone :-) I got the same alert:

[00001] 2011-09-07 00:02:05 [Root]system-alert-00026: IPSec tunnel on interface ethernet0/0 with tunnel ID 0xe received a packet with a bad SPI. 108.xxx.xxx.xxx->212.xxx.xxx.xxx/xx, ESP, SPI 0xaba9519d, SEQ 0x1.

After comparing the settings on both sides, it turned out that the lifetime (phase 2 proposal) of the encryption key was set to different values - 3600 seconds on the remote side (108.xxx.xxx.xxx), 28800 seconds here on my side (212.xxx.xxx.xxx). So I modified the settings, set them to the same value and - what a surprise - it works, the alerts disappeared.

 

I hope I could help someone with this post.

 

Florian

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.