[c-nsp] vpn_hw-1-packet_error / 7201

Antonio Soares amsoares at netcabo.pt
Wed Nov 26 08:49:36 EST 2008 

I had the same problem a few weeks ago with a 3845. Initially we thought we were hitting an IOS Bug but in the end of the day, the
messages were correlated with some circuit problems. Verify if your circuits are clean and in the case they are, check these two
Bugs:

- CSCee43714
- CSCeg52468 


Regards,

Antonio Soares, CCIE #18473 (R&S)
amsoares at netcabo.pt

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Nemeth Laszlo
Sent: quarta-feira, 26 de Novembro de 2008 11:12
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] vpn_hw-1-packet_error / 7201

Hi all,

I have 2 Cisco 7201 routers (c7200p-advipservicesk9-mz.124-15.T3.bin)
with SA-VAM2+ VPN modul.

Between this routers i use a crypted GRE tunnel:

interface Tunnel0
  description TUNNEL
  ip address 192.168.1.1 255.255.255.252
  ip mtu 1418
  ip tcp adjust-mss 1300
  ip ospf cost 100
  load-interval 30
  keepalive 2 2
  tunnel source 10.0.0.1
  tunnel destination 10.0.1.1

crypto isakmp policy 10
  encr 3des
  hash md5
  authentication pre-share
  group 2
crypto isakmp key ingyombingyom address 10.0.1.1 !
crypto ipsec transform-set nyulambulam-standard esp-3des esp-sha-hmac


I get the next error messages in the last 2-3 days and only for some hours (2-3 messages / minutes) on a day but only in one router
(the router uptime is ~9 week):

Nov 26 03:06:49 PST: %VPN_HW-1-PACKET_ERROR: slot: 1 Packet Encryption/Decryption error, ESP Pad
Length:srcadr=10.0.0.1,dstadr=10.0.1.1,size=104,handle=0x7D4F

Nov 26 03:07:34 PST: %VPN_HW-1-PACKET_ERROR: slot: 1 Packet Encryption/Decryption error, Output Authentication
error:srcadr=10.0.0.1,dstadr=10.0.1.1,size=160,handle=0x7D4F

Nov 26 03:07:34 PST: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=11551 local=10.0.0.1 remote=10.0.1.1
spi=FCAF23B3 seqno=000008A5


The router on the other side didn't log anything.

The tunnel doesn't go down when i get this errors.

Any idea?

Thanks

Laszlo
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list