Hi all , i got this msg on my 3845.. and after some search I found that cisco relate the errors to this ... but could not understand what needs to be done. by the way my errors does not have " connection id=#." statement
This output shows an example of the 'Replay Check Failed' error:
"%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed connection id=#." This error is a result of reordering in transmission medium (especially if parallel paths exist), or unequal paths of packet processing inside Cisco IOS for large versus small packets plus under load. Change the transform-set to reflect this. The reply check is only seen when transform-set esp-md5-hmac is enabled. In order to surpress this error message, disable esp-md5-hmac and do encryption only. Refer to Cisco bug ID CSCdp19680 ( registered customers only) .
IPSec as a security suite has one security feature called anti replay, which ensures that packets are not altered or tampered during the patch to the remote peer, when a packet comes out of order the Replay feature reports an error which is what shows here, these errors are tipically caused by a delay on the path. If you want to stop receiving this error you can do one of either things:
1. Check the path to see any delays.
2. Increase the anti replay window size on the router that repots the error
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...