cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
817
Views
0
Helpful
3
Replies

VPN Encryption/Decryption Error

ahpark78
Level 1
Level 1

Hi All,

I got the problem with this error message below.Need your help.

%VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Output replay error(0x08000000)

The tunnel configured as :

Transform set setXXX2: { esp-3des esp-sha-hmac }

will negotiate = { Transport, },

sh crypto isakmp sa detail

Codes: C - IKE configuration mode, D - Dead Peer Detection

K - Keepalives, N - NAT-traversal

X - IKE Extended Authentication

psk - Preshared key, rsig - RSA signature

renc - RSA encryption

C-id Local Remote I-VRF Encr Hash Auth DH Lifetime Cap.

51 10.x.xxx.xx0 10.x.xxx.xx1 3des sha psk 2 12:23:25

Connection-id:Engine-id = 51:2(hardware)

Thanks in advanced..If you need any more infos,let me know.

thks,

rgds,

kenny

3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

Kenny

I see messages like this from time to time in the IPSec VPN router. If you see an occasional message like this I believe it reflects a transient event (and may well be caused by something happening in the provider network) and is not a serious problem. If you see lots of these messages it might reflect something else.

Can you give us more understanding of how often you see this. And if you believe it reflects a problem it would be helpful to have information on the platform on which it is happening and the version of code that you are running.

HTH

Rick

HTH

Rick

Hi Rick!

Thanks for your reply. I see this almost everyday..

sh ver as below.. :

Cisco IOS Software, 3700 Software (C3725-ADVIPSERVICESK9-M), Version 12.3(8)T3, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2004 by Cisco Systems, Inc.

Compiled Tue 20-Jul-04 20:30 by eaarmas

ROM: System Bootstrap, Version 12.2(8r)T2, RELEASE SOFTWARE (fc1)

WXXXX uptime is 8 weeks, 7 hours, 22 minutes

System returned to ROM by power-on

System restarted at 12:11:07 SIN Wed Mar 15 2006

System image file is "flash:c3725-advipservicesk9-mz.123-8.T3.bin"

----

Cisco 3725 (R7000) processor (revision 0.1) with 250880K/11264K bytes of memory.

Processor board ID JPE083611Q0

R7000 CPU at 240MHz, Implementation 39, Rev 3.3, 256KB L2 Cache

2 FastEthernet interfaces

62 Serial interfaces

2 Serial(sync/async) interfaces

2 Channelized E1/PRI ports

1 Virtual Private Network (VPN) Module

DRAM configuration is 64 bits wide with parity disabled.

55K bytes of NVRAM.

62592K bytes of ATA System CompactFlash (Read/Write)

Configuration register is 0x2102

thks again..

kenny

Kenny

Thanks for the additional information. When you say that you see it every day, it would be helpful to know if you see it a few times a day, or many times a day. In fact what would probably be helpful is to know how many times it happened (over some period of time) and how many packets were sent during that period of time. So is the error happening for a large percentage of packets or a small percentage?

Another way to ask this question is to ask whether you are seeing impact on connectivity or are you just seeing messages in the logs and want to investigate. Is it having real impact?

I ran 12.3(8)T on a number of VPN routers and had some issues. I moved most of the routers to 12.3(14)T and they did better. I am now moving most of these routers to 12.4(3) and having good results. I do not know whether newer code will help resolve your issue but it might be worth trying.

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: