[c-nsp] vpn_hw-1-packet_error / 7201

Nemeth Laszlo csirek at cooler.hu
Wed Nov 26 06:12:07 EST 2008


Hi all,

I have 2 Cisco 7201 routers (c7200p-advipservicesk9-mz.124-15.T3.bin) 
with SA-VAM2+ VPN module.

Between these routers I use an encrypted GRE tunnel:

interface Tunnel0
  description TUNNEL
  ip address 192.168.1.1 255.255.255.252
  ip mtu 1418
  ip tcp adjust-mss 1300
  ip ospf cost 100
  load-interval 30
  keepalive 2 2
  tunnel source 10.0.0.1
  tunnel destination 10.0.1.1

crypto isakmp policy 10
  encr 3des
  hash md5
  authentication pre-share
  group 2
crypto isakmp key ingyombingyom address 10.0.1.1
!
crypto ipsec transform-set nyulambulam-standard esp-3des esp-sha-hmac


I have been getting the following error messages for the last 2-3 days, 
only for a few hours a day (2-3 messages per minute), and only on one 
router (the router's uptime is ~9 weeks):

Nov 26 03:06:49 PST: %VPN_HW-1-PACKET_ERROR: slot: 1 Packet 
Encryption/Decryption error, ESP Pad 
Length:srcadr=10.0.0.1,dstadr=10.0.1.1,size=104,handle=0x7D4F

Nov 26 03:07:34 PST: %VPN_HW-1-PACKET_ERROR: slot: 1 Packet 
Encryption/Decryption error, Output Authentication 
error:srcadr=10.0.0.1,dstadr=10.0.1.1,size=160,handle=0x7D4F

Nov 26 03:07:34 PST: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify 
failed for connection id=11551 local=10.0.0.1 remote=10.0.1.1 
spi=FCAF23B3 seqno=000008A5


The router on the other side didn't log anything.

The tunnel doesn't go down when I get these errors.

Any idea?

Thanks

Laszlo
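
An added example, not part of the original post: a small Python triage script that rejoins the mail-wrapped syslog lines quoted above, parses the two message formats shown, counts them per minute, and lists reasons logged in the same second for the same address pair. The function names and the output layout are assumptions of this example; the sample input is the three messages from the post.

```python
import re
from collections import Counter, defaultdict
# The three messages from the post, mail line wrapping included.
SAMPLE = """\
Nov 26 03:06:49 PST: %VPN_HW-1-PACKET_ERROR: slot: 1 Packet
Encryption/Decryption error, ESP Pad
Length:srcadr=10.0.0.1,dstadr=10.0.1.1,size=104,handle=0x7D4F
Nov 26 03:07:34 PST: %VPN_HW-1-PACKET_ERROR: slot: 1 Packet
Encryption/Decryption error, Output Authentication
error:srcadr=10.0.0.1,dstadr=10.0.1.1,size=160,handle=0x7D4F
Nov 26 03:07:34 PST: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify
failed for connection id=11551 local=10.0.0.1 remote=10.0.1.1
spi=FCAF23B3 seqno=000008A5
"""

HEAD = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \w+: %([A-Z_]+-\d-[A-Z_]+):")
HW = re.compile(r"error, (.+?):srcadr=([\d.]+),dstadr=([\d.]+),size=(\d+),handle=(0x[0-9A-Fa-f]+)")
MAC = re.compile(r"local=([\d.]+) remote=([\d.]+) spi=([0-9A-Fa-f]+) seqno=([0-9A-Fa-f]+)")
def unwrap(text):
    """Rejoin wrapped lines: a new record starts only at a timestamped header."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if HEAD.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse(record):
    """Return a dict for the two message types in the post, else None."""
    head = HEAD.match(record)
    hw, mac = HW.search(record), MAC.search(record)
    if not head or not (hw or mac):
        return None
    ev = {"time": head[1], "tag": head[2]}
    if hw:   # peers is (srcadr, dstadr) exactly as logged
        ev.update(reason=hw[1], peers=(hw[2], hw[3]), size=int(hw[4]), handle=hw[5])
    else:    # peers is (local, remote) exactly as logged
        ev.update(reason="mac verify failed", peers=(mac[1], mac[2]), spi=mac[3], seqno=mac[4])
    return ev

def summarize(text):
    """Events, per-minute counts, and reasons sharing a second and an address pair."""
    events = [e for e in map(parse, unwrap(text)) if e]
    per_minute = Counter(e["time"][:-3] for e in events)
    same_second = defaultdict(list)
    for e in events:
        same_second[e["time"], e["peers"]].append(e["reason"])
    return events, per_minute, {k: v for k, v in same_second.items() if len(v) > 1}
```

Run over a full log export, the per-minute counter shows whether the errors cluster in the same hours each day, and the third return value shows which hardware errors coincide with a MAC verification failure.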

