Virtual Router/ Firewall/ VPN

New Member
Posts: 1
Registered: ‎01-15-2015

invalid SPI recovery

I have the following Vyatta code:


vyatta@tscvyatta:~$ show ver

Version:      VSE6.6R6

Description:  Brocade Vyatta 5415 vRouter 6.6 R6


A Cisco is at the remote side of the VPN and is configured with the statement:


crypto isakmp invalid-spi-recovery


This command allows you to configure your router so that when an invalid security parameter index error (shown as “Invalid SPI”) occurs, an IKE SA is initiated. The “IKE” module, which serves as a checkpoint in the IPSec session, recognizes the “Invalid SPI” situation. The IKE module then sends an “Invalid Error” message to the packet-receiving peer so that synchronization of the security association databases (SADBs) of the two peers can be attempted. As soon as the SADBs are resynchronized, packets are no longer dropped.


Is there a corresponding parameter on the Vyatta which can be configured?



Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.