Crypto Error - %CRYPTO-4-RECVD_PKT_MAC_ERR (x1):

Unanswered Question
Feb 23rd, 2009
User Badges:

Hi Network Folks,


Please help me here, searching for your help.Here is the scenrio.


We have IPSEC over GRE tunnel between End A to End B.


I am receiving continious error in End A router - 2821.


Pls find the below logs.


Feb 24 01:32:43 UTC: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=3002 local=1.1.1.1 remote=2.2.2.2 spi=A787F8E5 seqno=00000174



I have tried rebuild the tunnel at both the end but no luck, can anybody suggest for the above errors.Awaiting anxiously

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ivan Martinon Tue, 02/24/2009 - 12:00
User Badges:
  • Cisco Employee,

On the router that logs these messages, can you increase the replay window size?

kdelhi_ganesh Sun, 03/01/2009 - 12:03
User Badges:

Hi,


Sorry for the delayed reply;Infact there is no production issue because of this errors.


Thank you all for replying me for the above issue, i got the advice from TAC saying " THIS IS THE KNOW ISSUE AND NEED TO DOWNGRADE THE IOS"


Thanks,


Ganesh

auraza Thu, 02/26/2009 - 13:46
User Badges:
  • Cisco Employee,

This error basically means that the packet failed authentication.


You can try disabling the hardware crypto engine and see if that makes the error go away:

no crypto engine accelerator


If the error doesn't go away and it changes to a different error, it could mean that packets are getting corrupted in transit, and thus failing authentication.


kdelhi_ganesh Sun, 03/01/2009 - 12:02
User Badges:

Hi,


Sorry for the delayed reply;Infact there is no production issue because of this errors.


Thank you all for replying me for the above issue, i got the advice from TAC saying " THIS IS THE KNOW ISSUE AND NEED TO DOWNGRADE THE IOS"


Thanks,


Ganesh



Actions

This Discussion