Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
589
Views
10
Helpful
3
Replies

Getting CRYPTO-4-PKT_REPLAY_ERR replay check failed message

Patrick McHenry
Level 3
Level 3

‎08-13-2013 06:30 AM - edited ‎03-04-2019 08:45 PM

Hi,

In dynamips I created a GRE tunnel over a VPN between 2 routers over a simulated Internet connection and it works great. I'm able to create EIGRP neighborships, exchange routes and ping across it all day without losing a ping.

Next, I created a l2TPv3 tunnel across the VPN to have a VLAN existing on both sides. Shortly after sending traffic across the l2TPv3 tunnel, the EIGRP neighborship fails, the tunnel breakes, and I start losing pings. The tunnel will then re-establish and the fail again and again and my pings will fail and succeed for a bit then fail.

Console message:

%CRYPTO-4-PKT_REPLAY_ERR replay check failed

From looking around for work-arounds I've increased the crypto ipsec security-association replay window-size to 1028 and used encryption only on both sides of the VPN but, still the tunnel breaks.

See attached diagram.

Any suggestions?

Thank you, Pat.

Labels:
Preview file
16 KB
0 Helpful
3 Replies 3

Lei Tian
Cisco Employee
Cisco Employee

‎08-13-2013 04:19 PM

Hi Patrick,

What IP are you using for l2tpv3 tunnel?

HTH,
Lei Tian

Sent from Cisco Technical Support iPhone App

Patrick McHenry
Level 3
Level 3
In response to Lei Tian

‎08-14-2013 08:50 AM

Lei,

That's a good question. I'll look tonight when I get home to look at my lab.

Thanks

0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame

‎08-14-2013 08:53 AM

Disable replay check altogether.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card