This is ridiculous.. and appreciate the pipe in @TranceforLife. Yes, incrementing enc/dec packets. And check this out.. when I run a PCAP, and filter right down to a source of a /32 and a destination of a /32 (near and far end), all 4 stages of what it can pcap.. I literally get no files created when I try to, like, http/https browse. Nothing. I start my ping off to the dest.. bang files created.. 😕 If it helps, at least on the far end/Cisco side I get a repeating, ---------------------------------------------------------------------------------------------------------------------------------------------------------- IPSEC: The decapsulated inner packet doesn't match the negotiated policy in the SA. The packet specifies its destination as pkt_daddr its source as pkt_saddr, and its protocol as pkt_prot. The SA specifies its local proxy as id_daddr/id_dmask/id_dprot/id_dport and its remote proxy as id_saddr/id_smask/id_sprot/id_sport. ----------------------------------------------------------------------------------------------------------------------------------------------------------
... View more