Options
ERR message with site 2 site VPN
blackninja
Member Posts: 385
VPN is set up and traffic is crossing fine.
I get this error message, about one a minute, when the VPN is in use - using continuous ping's as traffic.
Error message:
05:42:54: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=2001 local=10.0.0.2 remote=10.0.0.1 spi=0300291F seqno=00000C25
Cisco's web site states:
CRYPTO-4-RECVD_PKT_MAC_ERR : decrypt: mac verify failed for connection
id=[dec]
Explanation The MAC verify processing failed. This may be caused by
the use of the wrong key by either party during the MAC calculations.
This activity could be considered a hostile event.
Recommended Action Contact the peer administrator.
Found this error message in a few bugs on Cisco's bug tracker. One
workaround, to disable fast switching (no ip route-cache) which seems not to have worked for me.
As it's passing traffic, keys match - so anybody any ideas?
IOS used:
R1 - C2600-ADVSECURITYK9-M, Version 12.4(23) - 2620XM 32/128
R2 - C1700-K9O3SY7-M, Version 12.3(23) - 1751 32/64
I get this error message, about one a minute, when the VPN is in use - using continuous ping's as traffic.
Error message:
05:42:54: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=2001 local=10.0.0.2 remote=10.0.0.1 spi=0300291F seqno=00000C25
Cisco's web site states:
CRYPTO-4-RECVD_PKT_MAC_ERR : decrypt: mac verify failed for connection
id=[dec]
Explanation The MAC verify processing failed. This may be caused by
the use of the wrong key by either party during the MAC calculations.
This activity could be considered a hostile event.
Recommended Action Contact the peer administrator.
Found this error message in a few bugs on Cisco's bug tracker. One
workaround, to disable fast switching (no ip route-cache) which seems not to have worked for me.
As it's passing traffic, keys match - so anybody any ideas?
IOS used:
R1 - C2600-ADVSECURITYK9-M, Version 12.4(23) - 2620XM 32/128
R2 - C1700-K9O3SY7-M, Version 12.3(23) - 1751 32/64
Currently studying:
CCIE R&S - using INE workbooks & videos
Currently reading:
Everything. Twice
CCIE R&S - using INE workbooks & videos
Currently reading:
Everything. Twice
Comments
-
Optionsblackninja
Member Posts: 385
Any ideas - it's driving me nuts filling the console with the err message.
It only appears on the 2620XM, if this helps.Currently studying:
CCIE R&S - using INE workbooks & videos
Currently reading:
Everything. Twice -
Options
notgoing2fail
Member Posts: 1,138
So one of the routers thinks the MAC address is false from the other router? -
Optionsblackninja
Member Posts: 385
I have no idea, and nor does anybody here by the looks of it.
I think I'll double post it into the CCSP section tomorrow.Currently studying:
CCIE R&S - using INE workbooks & videos
Currently reading:
Everything. Twice
