SRX

Question regarding RT_IPSEC log message

  • 1.  Question regarding RT_IPSEC log message

    Posted 4 days ago
    Hi everyone,

    recently my SRX (320) is generating log messages like

    RT_IPSEC router Decryption failure: ESP padding check failed, invalid padding content for packet 123.234.567.890-0.1.2.3, tunnel ID 1234567, SPI 0x.... source-address 256.257.258.259 destination-address 260.261.262.263 tunnel-id 1234567 index ...

    The IP's 123.234.567.890 and 0.1.2.3 belong to me, though the other 2 IP's 256.257.258.259 and 260.261.262.263 not. Now I guess I know what "padding check fails" mean and using AES256-GCM this shouldn't be a problem, though the IP's 256.257... and 260.261... don't "belong" to me nor do I build any tunnels to these.
    This message appears since some days, the 0.1.2.3 is the IP of the SRX, the remote endpoints are geographically located in 2 continents and I'm getting similar messages for different IP tunnels, where also the 256.257.258.259 and 260.261.262.263 IP's differ but in any case come from the same ASN.

    May someone be so kind to enlighten me ?

    ------------------------------
    Tommy Scheunemann
    ------------------------------