02-23-2009 05:39 PM
Hi Network Folks,
Please help me here, searching for your help.Here is the scenrio.
We have IPSEC over GRE tunnel between End A to End B.
I am receiving continious error in End A router - 2821.
Pls find the below logs.
Feb 24 01:32:43 UTC: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=3002 local=1.1.1.1 remote=2.2.2.2 spi=A787F8E5 seqno=00000174
I have tried rebuild the tunnel at both the end but no luck, can anybody suggest for the above errors.Awaiting anxiously
02-24-2009 12:00 PM
On the router that logs these messages, can you increase the replay window size?
03-01-2009 12:03 PM
Hi,
Sorry for the delayed reply;Infact there is no production issue because of this errors.
Thank you all for replying me for the above issue, i got the advice from TAC saying " THIS IS THE KNOW ISSUE AND NEED TO DOWNGRADE THE IOS"
Thanks,
Ganesh
02-26-2009 01:46 PM
This error basically means that the packet failed authentication.
You can try disabling the hardware crypto engine and see if that makes the error go away:
no crypto engine accelerator
If the error doesn't go away and it changes to a different error, it could mean that packets are getting corrupted in transit, and thus failing authentication.
03-01-2009 12:02 PM
Hi,
Sorry for the delayed reply;Infact there is no production issue because of this errors.
Thank you all for replying me for the above issue, i got the advice from TAC saying " THIS IS THE KNOW ISSUE AND NEED TO DOWNGRADE THE IOS"
Thanks,
Ganesh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide