
what is it in user friendly English

cisco steps
Level 1

Hi all, I got this message on my 3845, and after some searching I found that Cisco relates the errors to this, but I could not understand what needs to be done. By the way, my errors do not have the "connection id=#." statement.

Thanks

======================================

This output shows an example of the 'Replay Check Failed' error:

"%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed connection id=#." This error is a result of reordering in the transmission medium (especially if parallel paths exist), or unequal paths of packet processing inside Cisco IOS for large versus small packets plus under load. Change the transform-set to reflect this. The replay check is only seen when transform-set esp-md5-hmac is enabled. In order to suppress this error message, disable esp-md5-hmac and do encryption only. Refer to Cisco bug ID CSCdp19680 (registered customers only).

2 Replies

Ivan Martinon
Level 7

IPSec as a security suite has one security feature called anti-replay, which ensures that packets are not altered or tampered with along the path to the remote peer. When a packet comes out of order, the replay feature reports an error, which is what shows here. These errors are typically caused by a delay on the path. If you want to stop receiving this error you can do one of these things:

1. Check the path to see any delays.

2. Increase the anti-replay window size on the router that reports the error

3. Disable the encryption card.
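
The effect of option 2, as an added example that is not part of the reply above: a sketch of an ESP-style anti-replay sliding window fed one late packet and one true duplicate. The class and function names, the sequence numbers and the window sizes 64 and 1024 are constructed for illustration and are not taken from the router in this thread.

```python
# Added illustration of a sliding-window anti-replay check (bitmap style).
# All sequence numbers and window sizes below are constructed sample values.

class ReplayWindow:
    def __init__(self, size):
        self.size = size    # window width, in packets
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence (top - i) already received

    def check(self, seq):
        """Return 'ok', 'replay' (duplicate) or 'too_old' (left of the window)."""
        if seq > self.top:                     # new highest: slide window right
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return "ok"
        offset = self.top - seq
        if offset >= self.size:                # arrived too late to be verified
            return "too_old"
        if self.bitmap & (1 << offset):        # already seen: genuine replay
            return "replay"
        self.bitmap |= 1 << offset             # late, but still inside window
        return "ok"


def delayed_stream(n, delayed, lag):
    """Packets 1..n in order, except `delayed`, which arrives `lag` packets late."""
    order = [s for s in range(1, n + 1) if s != delayed]
    order.insert(order.index(delayed + lag) + 1, delayed)
    return order


def failures(order, size):
    """Every (sequence, reason) the receiver would drop for this arrival order."""
    win = ReplayWindow(size)
    return [(s, r) for s in order if (r := win.check(s)) != "ok"]


# Constructed traffic: packet 10 takes a slow path and arrives after packet 110;
# packet 50 is then delivered a second time at the very end (a real duplicate).
SAMPLE = delayed_stream(300, delayed=10, lag=100) + [50]

if __name__ == "__main__":
    for size in (64, 1024):
        print(size, failures(SAMPLE, size))
```

With the small window the late but legitimate packet 10 is dropped; with the large window it is accepted, and the duplicate of packet 50 is still rejected.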

Thank you. I did some searching on Google, and by the time I read your message I had quite an understanding, but your explanation was short and informational. Thanks again.
