Question regarding RT_IPSEC log message

  • 1.  Question regarding RT_IPSEC log message

    Posted 01-12-2021 16:33
    Hi everyone,

    recently my SRX (320) is generating log messages like

    RT_IPSEC router Decryption failure: ESP padding check failed, invalid padding content for packet 123.234.567.890-, tunnel ID 1234567, SPI 0x.... source-address destination-address tunnel-id 1234567 index ...

    The IP's 123.234.567.890 and belong to me, though the other 2 IP's and not. Now I guess I know what "padding check fails" mean and using AES256-GCM this shouldn't be a problem, though the IP's 256.257... and 260.261... don't "belong" to me nor do I build any tunnels to these.
    This message appears since some days, the is the IP of the SRX, the remote endpoints are geographically located in 2 continents and I'm getting similar messages for different IP tunnels, where also the and IP's differ but in any case come from the same ASN.

    May someone be so kind to enlighten me ?

    Tommy Scheunemann