Troubleshooting Cisco VPN’s on the IOS #
ran into an issue where the VPN tunnel was reporting up but traffic failed to flow. the following commands can allow you to check for an invalid SPI key
- show platform hardware qfp active statistics drop
-------------------------------------------------------------------------
Global Drop Stats Packets Octets
-------------------------------------------------------------------------
AttnInvalidSpid 469 1876
- show platform hardware qfp active feature ipsec datapath drops
------------------------------------------------------------------------
Drop Type Name Packets
------------------------------------------------------------------------
58 UNEXP_CRYPTO_DEVICE_DROP_TYPE 489