Enabling invalid SPI recovery

Last Updated: Apr 10, 2018

About this task

Invalid SPI recovery enables an IKE SA to be established when an invalid security parameter index (SPI) error occurs during packet processing. A notification of the invalid SPI error is sent to the originating peer so that the SA databases can be resynchronized and successful packet processing can resume.

Note:

Invalid SPI recovery is enabled by default. Configure invalid SPI recovery only if you wish to re-enable it after it was disabled.
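
The recovery behavior described above can be modeled in a few lines. This is an added illustration, not the gateway's own code: it uses the IKEv1 Notification payload layout and the INVALID-SPI type from RFC 2408, and the function names, the SPI-only SA lookup and the sample values are assumptions made for the example.

```python
import struct

# IKEv1 constants (RFC 2407 / RFC 2408)
IPSEC_DOI = 1          # IPsec Domain of Interpretation
PROTO_IPSEC_ESP = 3    # Protocol-ID for ESP
INVALID_SPI = 11       # Notify Message Type INVALID-SPI


def parse_esp_header(packet: bytes):
    """Return (spi, sequence_number) from the first 8 bytes of an ESP packet."""
    if len(packet) < 8:
        raise ValueError("truncated ESP header")
    return struct.unpack("!II", packet[:8])


def build_invalid_spi_notify(spi: int) -> bytes:
    """Build an ISAKMP Notification payload that reports an unknown ESP SPI."""
    spi_bytes = struct.pack("!I", spi)
    body = struct.pack("!IBBH", IPSEC_DOI, PROTO_IPSEC_ESP,
                       len(spi_bytes), INVALID_SPI) + spi_bytes
    # Generic payload header: next payload (0 = none), reserved, total length.
    return struct.pack("!BBH", 0, 0, 4 + len(body)) + body


def receive_esp(sad: dict, packet: bytes, recovery_enabled: bool = True):
    """Hypothetical receiver. Simplification: the SA is looked up by SPI only."""
    spi, _seq = parse_esp_header(packet)
    if spi in sad:
        return "deliver", None
    if recovery_enabled:
        # Sent to the originating peer once an IKE SA has been established.
        return "notify", build_invalid_spi_notify(spi)
    return "drop", None        # peer keeps sending on the stale SA


def handle_notify(sad: dict, payload: bytes):
    """Hypothetical originator: purge the stale SA named in a valid notify."""
    if len(payload) < 16:
        return None
    _next, _reserved, length = struct.unpack("!BBH", payload[:4])
    doi, proto, spi_size, ntype = struct.unpack("!IBBH", payload[4:12])
    if (length != len(payload) or doi != IPSEC_DOI or proto != PROTO_IPSEC_ESP
            or spi_size != 4 or ntype != INVALID_SPI):
        return None
    (spi,) = struct.unpack("!I", payload[12:16])
    if spi in sad:
        del sad[spi]           # the SA can now be renegotiated
        return spi
    return None
```

With recovery disabled, the model shows the failure the feature addresses: the receiver silently drops traffic while the originator still holds the stale SA.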

Procedure

  1. Enable invalid SPI recovery with the crypto isakmp invalid-spi-recovery command.

    For example:

    Gxxx-001# crypto isakmp invalid-spi-recovery
    Done!
  2. Configure NAT Traversal global parameters as described in NAT Traversal.