Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Syslog error from all ADSL 837's - what do they mean?

I keep getting the following error sform our ADSL 837 routers which LAN-to-LAN to our Cisco concentraor, these error rarley appear but have got worse the last few days.

3/16/2006 11:46 AM : 40: destaddr=89.137.100.100, prot=50, spi=0x5189CE04(1367985668), srcaddr=Cisco_Concentrators

3/16/2006 11:46 AM : CRYPTO-4-RECVD_PKT_INV_SPI 39: Mar 16 11:44:14.394: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for

3/16/2006 11:46 AM : CRYPTO-4-RECVD_PKT_MAC_ERR 95: *Apr 9 21:04:08.362: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=134219748

3/16/2006 11:47 AM : CRYPTO-4-RECVD_PKT_MAC_ERR 41: Mar 16 11:44:41.978: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=2044

3/16/2006 11:47 AM : CRYPTO-4-RECVD_PKT_INV_SPI 178: Mar 16 11:45:06.122 UTC: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for

1 REPLY

Re: Syslog error from all ADSL 837's - what do they mean?

Hi

do find the possible reasons ,recommendations and workaround to avoid these error logs..

%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=134219748

%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=[IP_address], prot=[dec], spi=[hex]([int]), srcaddr=[IP_address]

An IPSec packet was received that specified an SPI that does not exist in the SADB. This may be a temporary condition because of slight differences in aging of SAs between the IPSec peers, or this condition might be caused by local SAs that have been cleared. This condition may also be caused by bogus packets that were sent by the IPSec peer. Under some circumstances this would be considered a hostile event.

Recommended Action: If the local SAs have been cleared, the peer may not be aware of this condition. In this case, if a new connection is established from the local router, the two peers may reestablish successfully. Otherwise, if the problem occurs for more than a brief period, either attempt to establish a new connection or contact the peer administrator.

%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=[dec]

The MAC verify processing failed. This might be caused by the use of the wrong key by either party during the MAC calculations. This activity could be considered a hostile event.

Recommended Action: Contact the peer administrator.

regds

164
Views
0
Helpful
1
Replies
CreatePlease to create content