02-23-2009 05:39 PM
Hi Network Folks,
Please help me here, searching for your help.Here is the scenrio.
We have IPSEC over GRE tunnel between End A to End B.
I am receiving continious error in End A router - 2821.
Pls find the below logs.
Feb 24 01:32:43 UTC: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=3002 local=1.1.1.1 remote=2.2.2.2 spi=A787F8E5 seqno=00000174
I have tried rebuild the tunnel at both the end but no luck, can anybody suggest for the above errors.Awaiting anxiously
02-24-2009 12:00 PM
On the router that logs these messages, can you increase the replay window size?
03-01-2009 12:03 PM
Hi,
Sorry for the delayed reply;Infact there is no production issue because of this errors.
Thank you all for replying me for the above issue, i got the advice from TAC saying " THIS IS THE KNOW ISSUE AND NEED TO DOWNGRADE THE IOS"
Thanks,
Ganesh
02-26-2009 01:46 PM
This error basically means that the packet failed authentication.
You can try disabling the hardware crypto engine and see if that makes the error go away:
no crypto engine accelerator
If the error doesn't go away and it changes to a different error, it could mean that packets are getting corrupted in transit, and thus failing authentication.
03-01-2009 12:02 PM
Hi,
Sorry for the delayed reply;Infact there is no production issue because of this errors.
Thank you all for replying me for the above issue, i got the advice from TAC saying " THIS IS THE KNOW ISSUE AND NEED TO DOWNGRADE THE IOS"
Thanks,
Ganesh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: