Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
JohnYang
JohnYang
Community Member
‎02-03-2006 11:53 AM
‎02-03-2006 11:53 AM

Got error msg: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed

Wonder if anyone has encountered this error message ?

Our router recently started to receive these messages.

One Cico doc indicates to be short on IPSec Anti-Replay Window size and a TAC case stated due to encrypted packet received out of sequence.

Not sure if there are any negative impact on increasing the window size.

Any assistance will be greatly appreciated....

Labels:
0 Helpful
Reply
2 REPLIES
spremkumar
spremkumar Red
Red
‎02-06-2006 02:28 AM
‎02-06-2006 02:28 AM

Re: Got error msg: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay che

hi

You can make use of the following command to increase the window size manually which is 64 by default..

crypto ipsec security-association replay window-size

check these links for more info..

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a0080371665.html

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455ad4.html

Also find the exact meaning for the error message which you are getting in ur router..

%CRYPTO-4-PKT_REPLAY_ERR: [chars] connection id=[dec]

The replay processing has failed. The failed replay processing may be a temporary condition caused by the wait for new SAs to be established. In the inbound case, this error might also be caused by an actual replay attack. This activity can be considered a hostile event.

Recommended Action: If the problem appears to be more than a transient one, contact the peer administrator.

Again a bug inline with the same error message with bug id CSCdp19680,this occurs when u use transform-set esp-md5-hmac is enabled. ...

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml#check

regds

Reply
JohnYang
JohnYang
Community Member
‎02-06-2006 11:21 AM
‎02-06-2006 11:21 AM

Re: Got error msg: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay che

Thanks for your information. I will look into it.

0 Helpful
Reply
Latest Documents
Snort IPS on ISR, ISRv and CSR - Step-By-Step Configuration
Created by Kureli Sankar on 04-19-2018 11:25 AM
0
0
0
0
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin... view more
Upgrade Chassis Manager (FXOS)
Created by Jeet Kumar on 02-23-2018 02:51 AM
2
15
2
15
    Login to the FXOS chassis manager. Direct your browser to https://hostname/, and log-in using the user-name and password.     Go to Help > About and check the current version:    Check the current version availa... view more
ASA 5506-X with ipv6 no access to internet
Created by Klaxel on 02-08-2018 01:25 AM
3
5
3
5
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6. In Syslog I also se... view more
All Documents
2141
Views
8
Helpful
2
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
AnyConnect Certificate Based Authentication.
Created by Marvin Ruiz on 08-27-2012 05:20 PM
36
75
36
75
BLOG (No Title)
Created by athukral on 06-14-2011 04:23 AM
15
35
15
35
Wireless Hacking
Created by Anim Saxena on 01-24-2013 07:56 AM
2
25
2
25
All Blogs