Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Got error msg: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed

Wonder if anyone has encountered this error message ?

Our router recently started to receive these messages.

One Cico doc indicates to be short on IPSec Anti-Replay Window size and a TAC case stated due to encrypted packet received out of sequence.

Not sure if there are any negative impact on increasing the window size.

Any assistance will be greatly appreciated....


Re: Got error msg: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay che


You can make use of the following command to increase the window size manually which is 64 by default..

crypto ipsec security-association replay window-size

check these links for more info..

Also find the exact meaning for the error message which you are getting in ur router..

%CRYPTO-4-PKT_REPLAY_ERR: [chars] connection id=[dec]

The replay processing has failed. The failed replay processing may be a temporary condition caused by the wait for new SAs to be established. In the inbound case, this error might also be caused by an actual replay attack. This activity can be considered a hostile event.

Recommended Action: If the problem appears to be more than a transient one, contact the peer administrator.

Again a bug inline with the same error message with bug id CSCdp19680,this occurs when u use transform-set esp-md5-hmac is enabled. ...


Community Member

Re: Got error msg: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay che

Thanks for your information. I will look into it.

CreatePlease to create content