cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8727
Views
19
Helpful
6
Replies

%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection

mlitka
Level 2
Level 2

Does anyone know what could be causing this error?

%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=

I have an GRE over IPSec VPN tunnel using ISAKMP that keep generating this error.

I have verified that the shared keys are the same on both ends. I check the error lookup tool and it seems to point to that.

I also tried disabling CEF and Fast Switching on the interface but that hasn't helped either.

1 Accepted Solution

Accepted Solutions

I got the same problem to.

Just to let you know, there is bug open at Cisco for this (CSCsv43145)

They said, it is only cosmetic not service affecting.

(But it generate a lot of messages in the router log file)

View solution in original post

6 Replies 6

auraza
Cisco Employee
Cisco Employee

This normally means that the packet failed authentication, meaning that something changed in the packet in transit, and the hash sent by the other side didn't match the hash calculated by this router. This could be due to a number of things:

1) Faulty router in the middle dropping bits or changing the packet in some way

2) Hardware encryption module or routers on either side having an issue.

You can try the following:

Disable hardware encryption (no crypto engine accelerator) on both sides to see if the error goes away. If yes, then the issue could most likely be the hardware module. Make sure you don't do this during peak times as software encryption may not be able to handle the traffic flowing through the tunnel.

OK I will give that a try and report back.

The head end router isn't experiencing this issue and neither are any other spokes. I disabled hardware acceleration on the one spoke with the issue and the error is still occurring.

chris_tan
Level 1
Level 1

Hi,

My router encounter the same error as you mention. Did you found the root cause already? Beside seeing this error, is the performance affected ?

Could it be the service provider PE issue which will cause the error?

Rgds,

Christopher

I got the same problem to.

Just to let you know, there is bug open at Cisco for this (CSCsv43145)

They said, it is only cosmetic not service affecting.

(But it generate a lot of messages in the router log file)

I was having the same problem and found your post.

In my case the problem was the one mentioned by auraza.

The hardware accelerator with some problem.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: