Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

%VPN_HW-1-PACKET_ERROR

Hi Guys,

Getting bugged by an irritant for the past few weeks. Cisco site doesn't seem to be of much help. The problem here is as follows.

"Jan 25 13:04:22.837: %VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Invalid Packet:srcadr=x.x.x.x,dstadr=y.y.y.y.y,size=2352,hand

le=0x581E"

Now the thing is whenever this is happening the CPU load is shooting up to a high point og 99%. We have several VPN tunnels in our 2851, out of which x.x.x.x is one of vallid peer IP that is appearing against the error.

Searched the cisco site and hit upon CSCed31869/CSCeg52468/CSCeg15422/CSCdy41378. None seems to be affordable.

Anyone has faced this thing before? I know it's of cosmic nature and common in Ipsec but why does this only one Ip keeps on appearing and that too during high load? Any co relation. It appears--.router shootsup-->it goes off-->router is calm. Duration for this is 40-45 mins on an average.

Thanks In advance for the help

Best,

Surajit

1 REPLY
New Member

Re: %VPN_HW-1-PACKET_ERROR

It looks like the reason lies with reassembly of fragmented packets. Try this:

crypto ipsec df-bit clear

Also disable fast switching to allow the router to reassemble the packets an put them in order.

347
Views
0
Helpful
1
Replies