critical sys log on router - IPSEC vpn

Aug 23rd, 2009

Hey Guys,


I keep getting the below system log on one of our WAN routers that terminates a VPN tunnel.


Aug 19 11:29:13.553 AEST: %VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Output Authentication error:srcadr=x.x.x.x,dstadr=x.x.x.x,size=1376,handle=0x58E9


We have an 1841 with IOS version 12.4(13r)T.


I found the 2 Cisco bugs:

- CSCee43714

- CSCeg52468

But our IOS does not seem to be affected.


I've also checked the security association information, which is the same on both routers.


Does anyone have any ideas or suggestions?


Thanks,


Alan


gmarogi Fri, 08/28/2009 - 11:31

This is a notification message seen on the console of the decrypting peer that tells the user that IPSec packets have been received out of order.

I think 'Output Authentication' may be indicating ICV value mismatch and packet corruption.


Verify the cause of the problem by disabling CEF switching by issuing these commands:

(conf)# no ip cef

(conf-if)# no ip route-cache

(conf-if)# no ip mroute-cache

For a workaround, issue these commands:

Change tcp adjust-mss on interfaces

Change crypto ipsec df-bit
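
Added example, not part of the original thread: a small Python parser for the %VPN_HW-1-PACKET_ERROR line quoted in the question, which tallies errors per peer pair and counts how many involve large packets, as a way to judge whether the MSS and DF-bit workarounds above are relevant. The sample log lines, the addresses and the 1300-byte threshold are constructed assumptions.

```python
import re
from collections import Counter

# Field layout taken from the %VPN_HW-1-PACKET_ERROR line quoted in the question.
LINE_RE = re.compile(
    r"%VPN_HW-1-PACKET_ERROR: slot: (?P<slot>\d+) "
    r"Packet Encryption/Decryption error, (?P<reason>[^:]+):"
    r"srcadr=(?P<src>[^,]+),dstadr=(?P<dst>[^,]+),"
    r"size=(?P<size>\d+),handle=(?P<handle>0x[0-9A-Fa-f]+)"
)
LARGE_BYTES = 1300  # assumption: size at or above this counts as a "large" packet

# Constructed sample lines (documentation addresses, not from the thread).
HDR = ("Aug 19 11:29:13.553 AEST: %VPN_HW-1-PACKET_ERROR: slot: 0 "
       "Packet Encryption/Decryption error, Output Authentication error:")
SAMPLE = [
    HDR + "srcadr=192.0.2.1,dstadr=198.51.100.1,size=1376,handle=0x58E9",
    HDR + "srcadr=192.0.2.1,dstadr=198.51.100.1,size=1392,handle=0x58E9",
    HDR + "srcadr=192.0.2.1,dstadr=198.51.100.2,size=120,handle=0x58EA",
    "Aug 19 11:30:02.101 AEST: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up",
]

def parse_line(line):
    """Return the fields of one PACKET_ERROR line, or None for any other line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["slot"], rec["size"] = int(rec["slot"]), int(rec["size"])
    return rec

def summarize(lines):
    """Count errors per (src, dst, reason) and how many hit large packets."""
    per_flow, total, large = Counter(), 0, 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unrelated syslog message
        total += 1
        per_flow[(rec["src"], rec["dst"], rec["reason"])] += 1
        if rec["size"] >= LARGE_BYTES:
            large += 1
    return {"total": total, "large": large, "per_flow": per_flow}

if __name__ == "__main__":
    result = summarize(SAMPLE)
    print(f"{result['large']} of {result['total']} errors on packets >= {LARGE_BYTES} bytes")
    for flow, count in result["per_flow"].most_common():
        print(count, *flow)
```
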

