Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

LOG ERROR

Im checking the logs on the router and im getting this log:

" CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed "

Im wondering why Im getting this log and how can I fix it.

Any help wll be appreciated....

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Ana,What device , what

Ana,

What device , what IOS

show version would help.

This output shows an example of the 'Replay Check Failed' error:

"%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed connection id=#."

This error is a result of reordering in transmission medium (especially if parallel paths exist), or unequal paths of packet processing inside Cisco IOS for large versus small packets plus under load. Change the transform-set to reflect this. The reply check is only seen when transform-set esp-md5-hmac is enabled. In order to surpress this error message, disable esp-md5-hmac and do encryption only. Refer to Cisco bug ID CSCdp19680 ( registered customers only) .

http://www.cisco.com...0800949c5.shtml

Below are some reference in regards to this error:

https://supportforums.cisco.com/document/9021/user-recieves-crypto-4-pktreplayerr-decrypt-replay-check-failed-error-message-multi

 

HTH

Inayath

*Plz dont forget to rate if this info is helpfull.

2 REPLIES
Cisco Employee

Ana,What device , what

Ana,

What device , what IOS

show version would help.

This output shows an example of the 'Replay Check Failed' error:

"%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed connection id=#."

This error is a result of reordering in transmission medium (especially if parallel paths exist), or unequal paths of packet processing inside Cisco IOS for large versus small packets plus under load. Change the transform-set to reflect this. The reply check is only seen when transform-set esp-md5-hmac is enabled. In order to surpress this error message, disable esp-md5-hmac and do encryption only. Refer to Cisco bug ID CSCdp19680 ( registered customers only) .

http://www.cisco.com...0800949c5.shtml

Below are some reference in regards to this error:

https://supportforums.cisco.com/document/9021/user-recieves-crypto-4-pktreplayerr-decrypt-replay-check-failed-error-message-multi

 

HTH

Inayath

*Plz dont forget to rate if this info is helpfull.

New Member

Thank you for the information

Thank you for the information, it was very usefull.

I was able to correct the error by  Expanding the Anti-Replay Window to the recomended size (1024).

 

 

 

 

 

32
Views
0
Helpful
2
Replies