IKE protocol notification message received: INVALID-SPI (11).

L7 Applicator

What if you apply commands below at ASA side to clear and resync SAs.


clear crypto isakmp

clear crypto sa

Enterprise Architect @ Cloud Carib www.cloudcarib.com
L2 Linker

i have tried many times to clear SA's (Phase1/2) and re-initae the VPN's but the same error appreares again and again.

L5 Sessionator

How does this behave? All traffic stops passing through that VPN? Does it recover eventually? Does it happen periodically?


Check time on both devices. And check SPIs for this tunnel on both sides when this error starts happening. Compare them if they match.


L2 Linker

i'm seeing this log once the problem started


iph1->ivm == NULL



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!