Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Issue with HMAC Verification failures on Cisco 877 routers

Unanswered Question
Jan 26th, 2007
User Badges:

We have a number of remote sites with either Cisco 837 or Cisco 877 ADSL routers connecting to head office PIX515E using an IPSEC VPN tunnel.

In the last few days I have noticed the following errors in some (but not all) of the Cisco 877 routers:

Jan 26 11:17:12.801: %MOTCR-1-ERROR: motcr_crypto_callback() motcr return failure

Jan 26 11:17:12.801: %MOTCR-1-PKTENGRET_ERROR: MOTCR PktEng Return Value = 0x20000, PktEngReturn_MAC

We are not seeing any such errors on the Cisco 837 routers.

The Cisco 877s are running 12.4(4)T3 and 12.4(4)T4.

I had a look on CCO but could only find this info on the error:


This suggests that the problem is the "HMAC verification has failed" and that no action needs to be taken unless the error becomes more frequent.

Well, we are starting to see these errors every half an hour or so on the affected routers.

It goes on to say that it could be caused by a defect in the crypto accelerator but doesn't say a) how to determine if that is the case and b) how to fix it!

So, my questions are, what could be causing this issue and how can I resolve it? What impact is this likely to be having and do I need to be overly concerned? (I'm not aware of the users at these sites having any issues which could be related to this - as yet anyway!)


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
mitchen Mon, 02/05/2007 - 02:18
User Badges:

Ran "show crypto ipsec sa" but no sign of any packet drop.

mitchen Thu, 05/17/2007 - 01:14
User Badges:


no, I'm afraid we never managed to find the source of this problem. We tried upgrading the IOS to 12.4(11)T1 and this stopped the previous error message but instead we started seeing error messages like:

"%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection"

Since there were no complaints about performance and we could find no evidence to suggest any hostile activity, we have just been "living with it" for the time being.

However, it would be nice to resolve this problem once and for all as clearly something is not right so if anyone has any ideas please let us know!



This Discussion