Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Is QOS causing IPSEC replay errors?

Should there be a "service-policy" command on the outbound interface when using the "qos pre-classify" under the crypto map?

I have several point-to-point links that use both the qos pre-classify and the service-policy on the interface, and all those links generate %CRYPTO-4-PKT_REPLAY_ERR errors under load.

Other links that only encrypt are not getting the %CRYPTO-4-PKT_REPLAY_ERR errors under load.

The documentation for QOS and VPN: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087ac4.html

Only states to use the "qos pre-classify" ???

I believe the packets are going through the QOS process twice. Once before encryption, and then again afterward resulting in the resequencing.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Is QOS causing IPSEC replay errors?

Hi,

IPSec replay error can also be caused due to a smaller replay window size. You might wanna try in creasing the replay window size.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455ad4.html

HTH,

-Kanishka

2 REPLIES
New Member

Re: Is QOS causing IPSEC replay errors?

Another possibility is that the "qos pre-classify" is just maintaining the orginal packets class after it encrypts. This would mean that the encrypted packets are going through QOS after encryption. (reordering) Many of the documents state the QOS will be done before the encryption, but if that is true I wouldn't be getting replay errors.

Cisco Employee

Re: Is QOS causing IPSEC replay errors?

Hi,

IPSec replay error can also be caused due to a smaller replay window size. You might wanna try in creasing the replay window size.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455ad4.html

HTH,

-Kanishka

432
Views
0
Helpful
2
Replies