Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection

Does anyone know what could be causing this error?

%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=

I have an GRE over IPSec VPN tunnel using ISAKMP that keep generating this error.

I have verified that the shared keys are the same on both ends. I check the error lookup tool and it seems to point to that.

I also tried disabling CEF and Fast Switching on the interface but that hasn't helped either.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for

I got the same problem to.

Just to let you know, there is bug open at Cisco for this (CSCsv43145)

They said, it is only cosmetic not service affecting.

(But it generate a lot of messages in the router log file)

6 REPLIES
Cisco Employee

Re: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for

This normally means that the packet failed authentication, meaning that something changed in the packet in transit, and the hash sent by the other side didn't match the hash calculated by this router. This could be due to a number of things:

1) Faulty router in the middle dropping bits or changing the packet in some way

2) Hardware encryption module or routers on either side having an issue.

You can try the following:

Disable hardware encryption (no crypto engine accelerator) on both sides to see if the error goes away. If yes, then the issue could most likely be the hardware module. Make sure you don't do this during peak times as software encryption may not be able to handle the traffic flowing through the tunnel.

New Member

Re: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for

OK I will give that a try and report back.

New Member

Re: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for

The head end router isn't experiencing this issue and neither are any other spokes. I disabled hardware acceleration on the one spoke with the issue and the error is still occurring.

New Member

Re: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for

Hi,

My router encounter the same error as you mention. Did you found the root cause already? Beside seeing this error, is the performance affected ?

Could it be the service provider PE issue which will cause the error?

Rgds,

Christopher

New Member

Re: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for

I got the same problem to.

Just to let you know, there is bug open at Cisco for this (CSCsv43145)

They said, it is only cosmetic not service affecting.

(But it generate a lot of messages in the router log file)

Bronze

Re: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for

I was having the same problem and found your post.

In my case the problem was the one mentioned by auraza.

The hardware accelerator with some problem.

1945
Views
19
Helpful
6
Replies