Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Pavel88
Explorer

#fw ctl zdebug drop, strange log

Jump to solution

Hi all,

Hi to all, anyone familiar with this drop (fw ctl zdebug + drop)

When I ping thru VPN s2s I get latency on the traffic (around 360ms on each ping)

On #fw ctl zdebug + drop is see this drop continually.
;[cpu_1];[fw4_0];update_narrowed_mspi_on_enc_opaque: Connection <dir 1, 192.168.1.1:2 -> 172.16.20.10:0 IPP 1> does not have an opaque;

anyone is familiar with this?

Thank you.

0 Kudos
1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion
Champion

Hi @Pavel88,

MSPI is a tunnel identifier. It is a local counter that uniquely identifies a tunnel on the given machine. MSPI is an index to the MSA (Meta SA), which contains fields common to all SAs with the same peer, methods, and IDs. When a new IPsec tunnel is established, a new MSPI is created by it, and it gets the next free MSPI number. The MSPI counter is then increased.

I think there is something incorrect with the MSPI update in the encryption process.

I would open a TAC case.

View solution in original post

2 Replies
HeikoAnkenbrand
Champion
Champion

Hi @Pavel88,

MSPI is a tunnel identifier. It is a local counter that uniquely identifies a tunnel on the given machine. MSPI is an index to the MSA (Meta SA), which contains fields common to all SAs with the same peer, methods, and IDs. When a new IPsec tunnel is established, a new MSPI is created by it, and it gets the next free MSPI number. The MSPI counter is then increased.

I think there is something incorrect with the MSPI update in the encryption process.

I would open a TAC case.

View solution in original post

_Val_
Admin
Admin

Open a TAC case, this is a clear support issue

0 Kudos