Crypto Error - %CRYPTO-4-RECVD_PKT_MAC_ERR (x1):

kdelhi_ganesh · ‎02-23-2009

Hi Network Folks,

Please help me here, searching for your help.Here is the scenrio.

We have IPSEC over GRE tunnel between End A to End B.

I am receiving continious error in End A router - 2821.

Pls find the below logs.

Feb 24 01:32:43 UTC: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=3002 local=1.1.1.1 remote=2.2.2.2 spi=A787F8E5 seqno=00000174

I have tried rebuild the tunnel at both the end but no luck, can anybody suggest for the above errors.Awaiting anxiously

Ivan Martinon · ‎02-24-2009

On the router that logs these messages, can you increase the replay window size?

kdelhi_ganesh · ‎03-01-2009

Hi,

Sorry for the delayed reply;Infact there is no production issue because of this errors.

Thank you all for replying me for the above issue, i got the advice from TAC saying " THIS IS THE KNOW ISSUE AND NEED TO DOWNGRADE THE IOS"

Thanks,

Ganesh

auraza · ‎02-26-2009

This error basically means that the packet failed authentication.

You can try disabling the hardware crypto engine and see if that makes the error go away:

no crypto engine accelerator

If the error doesn't go away and it changes to a different error, it could mean that packets are getting corrupted in transit, and thus failing authentication.

kdelhi_ganesh · ‎03-01-2009

Hi,

Sorry for the delayed reply;Infact there is no production issue because of this errors.

Thank you all for replying me for the above issue, i got the advice from TAC saying " THIS IS THE KNOW ISSUE AND NEED TO DOWNGRADE THE IOS"

Thanks,

Ganesh