what is it in user friendly English

Apr 7th, 2009

Hi all, I got this msg on my 3845, and after some searching I found that Cisco relates the errors to this, but I could not understand what needs to be done. By the way, my errors do not have the "connection id=#." statement.

Thanks

======================================

This output shows an example of the 'Replay Check Failed' error:

"%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed connection id=#." This error is a result of reordering in transmission medium (especially if parallel paths exist), or unequal paths of packet processing inside Cisco IOS for large versus small packets plus under load. Change the transform-set to reflect this. The replay check is only seen when transform-set esp-md5-hmac is enabled. In order to suppress this error message, disable esp-md5-hmac and do encryption only. Refer to Cisco bug ID CSCdp19680 (registered customers only).

Ivan Martinon Wed, 04/08/2009 - 06:10

IPSec as a security suite has one security feature called anti-replay, which ensures that packets are not altered or tampered with during the path to the remote peer. When a packet comes out of order, the replay feature reports an error, which is what shows here. These errors are typically caused by a delay on the path. If you want to stop receiving this error, you can do one of these things:

1. Check the path to see any delays.

2. Increase the anti-replay window size on the router that reports the error

3. Disable the encryption card.
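
Added example (not part of the original thread and not Cisco's code): a Python model of the receiver-side sliding-window anti-replay check, following the bitmap scheme in RFC 4303, showing why a packet delayed past the window is rejected and why a larger window accepts it. The class and function names, the window sizes 64 and 1024, and the sample traffic are all constructed for illustration.

```python
class ReplayWindow:
    """Receiver-side ESP anti-replay sliding window (bitmap form, as in RFC 4303)."""

    def __init__(self, size):
        self.size = size
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (top - i) already seen

    def check_and_update(self, seq):
        """Return 'ok', 'replay' (duplicate) or 'too_old' (left of the window)."""
        if seq == 0:
            return "too_old"            # ESP sequence numbers start at 1
        if seq > self.top:              # new highest: slide the window right
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return "ok"
        offset = self.top - seq
        if offset >= self.size:
            return "too_old"            # arrived too late: rejected by the replay check
        if self.bitmap & (1 << offset):
            return "replay"             # true duplicate of an accepted packet
        self.bitmap |= 1 << offset      # late but still inside the window: accept
        return "ok"


def count_drops(arrivals, window_size):
    """Feed an arrival order to a fresh window; return the number of rejected packets."""
    win = ReplayWindow(window_size)
    return sum(1 for seq in arrivals if win.check_and_update(seq) != "ok")


def delayed_stream(total, delayed_seq, delay):
    """Constructed sample: packets 1..total in order, except one arrives 'delay' packets late."""
    order = [s for s in range(1, total + 1) if s != delayed_seq]
    order.insert(delayed_seq - 1 + delay, delayed_seq)
    return order


if __name__ == "__main__":
    stream = delayed_stream(total=500, delayed_seq=10, delay=100)
    for size in (64, 1024):
        print(f"window={size}: dropped {count_drops(stream, size)}")
```

A legitimate packet that is merely reordered by more than the window size is indistinguishable from an old replay to the receiver, which is why path delay produces this message without any attack taking place.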

cisco steps Wed, 04/08/2009 - 08:03

Thank you. I did some searching on Google, and by the time I read your msg I had quite an understanding, but your explanation was short and informational. Thanks again.
