Got error msg: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed

JohnYang
Level 1

Wonder if anyone has encountered this error message?

Our router recently started to receive these messages.

One Cisco doc indicates the IPSec Anti-Replay Window size is too short, and a TAC case stated it is due to encrypted packets received out of sequence.

Not sure if there is any negative impact on increasing the window size.

Any assistance will be greatly appreciated....

2 Replies

spremkumar
Level 9

Hi,

You can make use of the following command to manually increase the window size, which is 64 by default.

crypto ipsec security-association replay window-size

Check these links for more info:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a0080371665.html

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455ad4.html

Also, find below the exact meaning of the error message which you are getting on your router:

%CRYPTO-4-PKT_REPLAY_ERR: [chars] connection id=[dec]

The replay processing has failed. The failed replay processing may be a temporary condition caused by the wait for new SAs to be established. In the inbound case, this error might also be caused by an actual replay attack. This activity can be considered a hostile event.

Recommended Action: If the problem appears to be more than a transient one, contact the peer administrator.

Again, there is a bug in line with the same error message, bug ID CSCdp19680; this occurs when transform-set esp-md5-hmac is enabled. ...

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml#check

Regards

Thanks for your information. I will look into it.
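
Added example, not part of the original thread and not Cisco IOS code: a sliding-window anti-replay check in the style of RFC 4303, run over a constructed packet stream in which every tenth packet arrives 100 packets late, to show why the default window of 64 logs replay failures for traffic that is only reordered. The class and function names, the delay pattern and the comparison window of 1024 are assumptions chosen for illustration.

```python
# Added illustration (not Cisco IOS code); all names are hypothetical.
from collections import Counter

class ReplayWindow:
    """Sliding-window anti-replay check in the style of RFC 4303."""
    def __init__(self, size=64):
        self.size = size
        self.top = 0       # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence (top - i) already seen

    def check_and_update(self, seq):
        if seq > self.top:                       # new right edge: slide window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return "ok"
        offset = self.top - seq
        if seq == 0 or offset >= self.size:
            return "stale"                       # left of the window: dropped
        if self.bitmap & (1 << offset):
            return "replay"                      # duplicate inside the window
        self.bitmap |= 1 << offset
        return "ok"

def delayed_stream(n, every, delay):
    """Constructed arrival order: every `every`-th packet arrives `delay` late."""
    order, held = [], {}
    for seq in range(1, n + 1):
        if seq % every == 0 and seq + delay <= n:
            held[seq + delay] = seq              # e.g. queued behind other traffic
        else:
            order.append(seq)
        if seq in held:
            order.append(held.pop(seq))
    return order

def verdicts(order, size):
    window = ReplayWindow(size)
    return Counter(window.check_and_update(seq) for seq in order)

if __name__ == "__main__":
    order = delayed_stream(1000, every=10, delay=100)   # constructed sample
    for size in (64, 1024):
        print(size, dict(verdicts(order, size)))
```

The late packets are never duplicated, yet the 64-packet window rejects each of them because they fall to the left of the window; a packet that really is sent twice is rejected at either window size.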