10-24-2013 05:24 AM - edited 03-04-2019 09:24 PM
Hi ,
Strange situation on 3925 , there is no 85Mbps traffic on the router and message apears .
%CERM-4-TX_BW_LIMIT: Maximum Tx Bandwidth limit of 85000 Kbps reached for Crypto functionality with securityk9 technology package license.
*Oct 24 11:02:59.632: %CERM-4-TX_BW_LIMIT: Maximum Tx Bandwidth limit of 85000 Kbps reached for Crypto functionality with securityk9 technology package license.
%CERM-4-TX_BW_LIMIT: Maximum Tx Bandwidth limit of 85000 Kbps reached for Crypto functionality with securityk9 technology package license.
*Oct 24 11:02:59.632: %CERM-4-TX_BW_LIMIT: Maximum Tx Bandwidth limit of 85000 Kbps reached for Crypto functionality with securityk9 technology package license.
IOS: flash0:c3900-universalk9-mz.SPA.153-2.T.bin"
There is 13 tunnels like this one
ip tcp adjust-mss 1240
tunnel source FastEthernet0/0/1
tunnel mode ipsec ipv4
tunnel destination x.x.x.x
tunnel protection ipsec profile xxxxx
Any solution?
Regards,
Vladimir
Solved! Go to Solution.
10-25-2013 12:42 AM
But there is no 80Mbps at all , in one direction, so what triggered that log message ?
There is 85M (not 80M )in one direction.
Please check your interfaces for crypto maps and VTIs for tunnel protection.
10-25-2013 12:20 AM
Hello.
If you do not have a HSEC-k9 license installed on your ISR G2 router, you will see the following error message
on the console if the traffic exceeds 85-Mbps unidirectional or 170-Mbps bidirectional.
Please refer to https://www.cisco.com/en/US/prod/collateral/routers/ps10536/qa_c67_606268.pdf for details.
10-25-2013 12:33 AM
But there is no 80Mbps at all , in one direction, so what triggered that log message ?
I know about that HSECk9 , but Cisco said only if there is above 80Mbps .
feauture set.
ipbasek9 no no no yes no
securityk9 yes yes no yes yes
uck9 yes yes no yes yes
datak9 yes yes no no yes
gatekeeper yes yes no no yes
LI yes no no no no
SSL_VPN yes yes no no yes
ios-ips-update yes yes yes no yes
SNASw yes yes no no yes
hseck9 yes no no no no
cme-srst yes yes no no yes
WAAS_Express yes yes no no yes
UCVideo yes yes no no yes
and
*Oct 24 10:53:56.151: %CERM-4-TX_BW_LIMIT: Maximum Tx Bandwidth limit of 85000 Kbps reached for Crypto functionality with securityk9 technology package license.
*Oct 24 11:00:00.376: %CERM-4-TX_BW_LIMIT: Maximum Tx Bandwidth limit of 85000 Kbps reached for Crypto functionality with securityk9 technology package license.
*Oct 24 11:02:59.632: %CERM-4-TX_BW_LIMIT: Maximum Tx Bandwidth limit of 85000 Kbps reached for Crypto functionality with securityk9 technology package license.
*Oct 24 11:07:35.044: %CERM-4-TX_BW_LIMIT: Maximum Tx Bandwidth limit of 85000 Kbps reached for Crypto functionality with securityk9 technology package license.
*Oct 24 13:31:19: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=5571 spi=5598C7CB seqno=0006E8F5
*Oct 24 13:40:01: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=5571 spi=5598C7CB seqno=00098060
*Oct 24 14:01:57: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
connection id=5585, sequence number=422523 *Oct 24 10:53:56.151: %CERM-4-TX_BW_LIMIT: Maximum Tx Bandwidth limit of 85000 Kbps reached for Crypto functionality with securityk9 technology package license.
*Oct 24 11:00:00.376: %CERM-4-TX_BW_LIMIT: Maximum Tx Bandwidth limit of 85000 Kbps reached for Crypto functionality with securityk9 technology package license.
*Oct 24 11:02:59.632: %CERM-4-TX_BW_LIMIT: Maximum Tx Bandwidth limit of 85000 Kbps reached for Crypto functionality with securityk9 technology package license.
*Oct 24 11:07:35.044: %CERM-4-TX_BW_LIMIT: Maximum Tx Bandwidth limit of 85000 Kbps reached for Crypto functionality with securityk9 technology package license.
*Oct 24 13:31:19: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=5571 spi=5598C7CB seqno=0006E8F5
*Oct 24 13:40:01: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=5571 spi=5598C7CB seqno=00098060
*Oct 24 14:01:57: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
connection id=5585, sequence number=422523
Regards,
10-25-2013 12:42 AM
But there is no 80Mbps at all , in one direction, so what triggered that log message ?
There is 85M (not 80M )in one direction.
Please check your interfaces for crypto maps and VTIs for tunnel protection.
06-11-2015 05:14 AM
I got this answer from TAC on the same message received on a 4331:
"The securityK9 license you are running has a limit of 85000 Kbps unidirectional or 170000 Kbps bi-directional of crypto traffic. This doesn’t reflect the traffic allowed across the link but the amount of traffic the router will encrypt and is measured in microseconds, so short bursts of traffic could trigger this issue."
08-01-2019 05:11 AM
Is there a fix action for this 'issue'? or a difference license set?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide