Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

critical sys log on router - IPSEC vpn

Hey Guys,

I keep getting the below system on one of our wan routers that terminates a vpn tunnel.

Aug 19 11:29:13.553 AEST: %VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Output Authentication error:srcadr=x.x.x.x,dstadr=x.x.x.x,size=1376,handle=0x58E9

we have 1841 with ios version 12.4(13r)T

I found the 2 cisco bugs,

- CSCee43714

- CSCeg52468

But our ios does not seem to be affected.

I've also checked the security-Association information which is the same on both routers.

Does anyone have any ideas or suggestions?

Thanks,

Alan

1 REPLY
Bronze

Re: critical sys log on router - IPSEC vpn

This is a notification message seen on the console of the decrypting peer that tells the user that IPSec packets have been received out of order.

I think 'Output Authentication' may be indicating ICV value mismatch and packet corruption.

Verify the cause of the problem by disabling the cef switching by issuing these commands:

(conf)# no ip cef

(conf-if)# no ip route-cache

(conf-if# no ip mroute-cache

For a workaround, issue these commands:

Change tcp adjust-mss on interfaces

Change crypto ipsec df-bit

376
Views
0
Helpful
1
Replies