05-05-2006 07:24 PM - edited 03-03-2019 12:36 PM
Hi All,
I got the problem with this error message below.Need your help.
%VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Output replay error(0x08000000)
The tunnel configured as :
Transform set setXXX2: { esp-3des esp-sha-hmac }
will negotiate = { Transport, },
sh crypto isakmp sa detail
Codes: C - IKE configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal
X - IKE Extended Authentication
psk - Preshared key, rsig - RSA signature
renc - RSA encryption
C-id Local Remote I-VRF Encr Hash Auth DH Lifetime Cap.
51 10.x.xxx.xx0 10.x.xxx.xx1 3des sha psk 2 12:23:25
Connection-id:Engine-id = 51:2(hardware)
Thanks in advanced..If you need any more infos,let me know.
thks,
rgds,
kenny
05-06-2006 06:31 AM
Kenny
I see messages like this from time to time in the IPSec VPN router. If you see an occasional message like this I believe it reflects a transient event (and may well be caused by something happening in the provider network) and is not a serious problem. If you see lots of these messages it might reflect something else.
Can you give us more understanding of how often you see this. And if you believe it reflects a problem it would be helpful to have information on the platform on which it is happening and the version of code that you are running.
HTH
Rick
05-10-2006 03:38 AM
Hi Rick!
Thanks for your reply. I see this almost everyday..
sh ver as below.. :
Cisco IOS Software, 3700 Software (C3725-ADVIPSERVICESK9-M), Version 12.3(8)T3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by Cisco Systems, Inc.
Compiled Tue 20-Jul-04 20:30 by eaarmas
ROM: System Bootstrap, Version 12.2(8r)T2, RELEASE SOFTWARE (fc1)
WXXXX uptime is 8 weeks, 7 hours, 22 minutes
System returned to ROM by power-on
System restarted at 12:11:07 SIN Wed Mar 15 2006
System image file is "flash:c3725-advipservicesk9-mz.123-8.T3.bin"
----
Cisco 3725 (R7000) processor (revision 0.1) with 250880K/11264K bytes of memory.
Processor board ID JPE083611Q0
R7000 CPU at 240MHz, Implementation 39, Rev 3.3, 256KB L2 Cache
2 FastEthernet interfaces
62 Serial interfaces
2 Serial(sync/async) interfaces
2 Channelized E1/PRI ports
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
55K bytes of NVRAM.
62592K bytes of ATA System CompactFlash (Read/Write)
Configuration register is 0x2102
thks again..
kenny
05-10-2006 08:32 AM
Kenny
Thanks for the additional information. When you say that you see it every day, it would be helpful to know if you see it a few times a day, or many times a day. In fact what would probably be helpful is to know how many times it happened (over some period of time) and how many packets were sent during that period of time. So is the error happening for a large percentage of packets or a small percentage?
Another way to ask this question is to ask whether you are seeing impact on connectivity or are you just seeing messages in the logs and want to investigate. Is it having real impact?
I ran 12.3(8)T on a number of VPN routers and had some issues. I moved most of the routers to 12.3(14)T and they did better. I am now moving most of these routers to 12.4(3) and having good results. I do not know whether newer code will help resolve your issue but it might be worth trying.
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: