Crypto Error - %CRYPTO-4-RECVD_PKT_MAC_ERR (x1):

Unanswered Question
Feb 23rd, 2009

Hi Network Folks,

Please help me here, searching for your help.Here is the scenrio.

We have IPSEC over GRE tunnel between End A to End B.

I am receiving continious error in End A router - 2821.

Pls find the below logs.

Feb 24 01:32:43 UTC: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=3002 local=1.1.1.1 remote=2.2.2.2 spi=A787F8E5 seqno=00000174

I have tried rebuild the tunnel at both the end but no luck, can anybody suggest for the above errors.Awaiting anxiously

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ivan Martinon Tue, 02/24/2009 - 12:00

On the router that logs these messages, can you increase the replay window size?

kdelhi_ganesh Sun, 03/01/2009 - 12:03

Hi,

Sorry for the delayed reply;Infact there is no production issue because of this errors.

Thank you all for replying me for the above issue, i got the advice from TAC saying " THIS IS THE KNOW ISSUE AND NEED TO DOWNGRADE THE IOS"

Thanks,

Ganesh

auraza Thu, 02/26/2009 - 13:46

This error basically means that the packet failed authentication.

You can try disabling the hardware crypto engine and see if that makes the error go away:

no crypto engine accelerator

If the error doesn't go away and it changes to a different error, it could mean that packets are getting corrupted in transit, and thus failing authentication.

kdelhi_ganesh Sun, 03/01/2009 - 12:02

Hi,

Sorry for the delayed reply;Infact there is no production issue because of this errors.

Thank you all for replying me for the above issue, i got the advice from TAC saying " THIS IS THE KNOW ISSUE AND NEED TO DOWNGRADE THE IOS"

Thanks,

Ganesh

Actions

This Discussion