Hi All, We are monitoring on

axa-wongjeff · ‎06-14-2012

I'm seeing IPSec messages and trying to interrupt them. With the "SIP" in the beginning of the message, it's related to my telephony connection specifically.

Cisco's message decoder did not provide any details. Anyone familiar with these types of messages? I'm going through some debug messages to see what these messages are a result of an event.

Jun 13 13:32:49.506 EDT: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:00 Thread:082 TS:00013710619067346304 %IPSEC-3-HMAC_ERROR: IPSec SA receives HMAC error, DP Handle 39

Jun 13 13:58:09.782 EDT: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:00 Thread:005 TS:00013712135502608041 %IPSEC-3-HMAC_ERROR: IPSec SA receives HMAC error, DP Handle 39

Jun 13 13:58:09.839 EDT: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:00 Thread:099 TS:00013712135559380211 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 39

Jun 13 14:08:57.643 EDT: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:00 Thread:095 TS:00013712781726318684 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 39

Jun 13 14:57:47.999 EDT: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:00 Thread:008 TS:00013715704679756134 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 23

Jun 13 15:09:11.148 EDT: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:00 Thread:019 TS:00013716386099386336 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 19

Jun 13 15:21:14.648 EDT: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:00 Thread:085 TS:00013717107774726649 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 36

Jun 13 15:45:19.920 EDT: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:00 Thread:088 TS:00013718549395685276 %IPSEC-3-HMAC_ERROR: IPSec SA receives HMAC error, DP Handle 36

Jun 13 16:12:26.683 EDT: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:00 Thread:098 TS:00013720172049200355 %IPSEC-3-HMAC_ERROR: IPSec SA receives HMAC error, DP Handle 27

Jun 13 16:33:35.103 EDT: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:00 Thread:085 TS:00013721437264765164 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 27

Jun 13 16:45:37.085 EDT: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:00 Thread:019 TS:00013722157422203134 %IPSEC-3-HMAC_ERROR: IPSec SA receives HMAC error, DP Handle 27

yinrong.qian · ‎09-17-2012

Hi axa-wongjeff,

We just implemented an ASR router over this weekend. The device reported same error messages to the syslog server. I notice you posted this issue on this support community on Jun 14. Any progress on your end since then?

Sep 15 00:22:51.799 MDT: %IOSXE-3-PLATFORM: F0: cpp_cp: QFP:00 Thread:155 TS:00000004055147174987 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 15

Sep 15 09:21:47.623 MDT: %IOSXE-3-PLATFORM: F0: cpp_cp: QFP:00 Thread:102 TS:00000036390971809412 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 12

Sep 16 00:24:44.815 MDT: %IOSXE-3-PLATFORM: F0: cpp_cp: QFP:00 Thread:154 TS:00000090568063055729 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 5

Sep 16 04:14:36.617 MDT: %IOSXE-3-PLATFORM: F0: cpp_cp: QFP:00 Thread:099 TS:00000104359864904127 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 7

Thanks,

Roger

thepiphany · ‎03-13-2013

yinrong.qian wrote:

Hi axa-wongjeff,

We just implemented an ASR router over this weekend. The device reported same error messages to the syslog server. I notice you posted this issue on this support community on Jun 14. Any progress on your end since then?

Sep 15 00:22:51.799 MDT: %IOSXE-3-PLATFORM: F0: cpp_cp: QFP:00 Thread:155 TS:00000004055147174987 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 15

Sep 15 09:21:47.623 MDT: %IOSXE-3-PLATFORM: F0: cpp_cp: QFP:00 Thread:102 TS:00000036390971809412 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 12

Sep 16 00:24:44.815 MDT: %IOSXE-3-PLATFORM: F0: cpp_cp: QFP:00 Thread:154 TS:00000090568063055729 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 5

Sep 16 04:14:36.617 MDT: %IOSXE-3-PLATFORM: F0: cpp_cp: QFP:00 Thread:099 TS:00000104359864904127 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 7

Thanks,

Roger

+++++++++++++++++++++++++++++++++++++++++++++++

Same thing I saw this morning on one of our ASR1K Routers

IOSXE-3-PLATFORM: 1705: 086308: %IOSXE-3-PLATFORM: F0: cpp_cp: QFP:00 Thread:090 TS:00000228674308953109 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 145

Ahmed Mostafa Ahmed · ‎08-21-2013

Dears ,

I have this Problem too at my cisco ASR1004 ,

did any one know why this error log at ACS .

Thanks

alexander.maksimov · ‎10-12-2014

i have this problem too at my cisco ASR1001.

Message=533695: Oct 13 09:10:12: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:090 TS:00012033983358910358 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 228, src_addr 192.168.252.221, dest_addr 192.168.252.3, SPI 0xbcb99205

Message=533693: Oct 13 09:09:50: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:083 TS:00012033961498494610 %IPSEC-3-HMAC_ERROR: IPSec SA receives HMAC error, DP Handle 465, src_addr 192.168.78.49, dest_addr 192.168.78.1, SPI 0xb7abab27

Message=533691: Oct 13 09:09:05: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:098 TS:00012033916445322925 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 406, src_addr 192.168.78.57, dest_addr 192.168.78.1, SPI 0xb9d473b2

Message=533686: Oct 13 09:07:11: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:005 TS:00012033803116751459 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 438, src_addr 109.111.71.145, dest_addr 195.239.133.214, SPI 0x4c140dc7

i don't use phone traffic. i don't use SIP.

we use IPSEC+GRE+EIGRP on ASR1001 only.

what's this log means ?

thanks for answer

Roy Olarte · ‎10-20-2014

Hi All,

We are monitoring on the following error logs. Can anyone help me on this please??

19907:.SIP0: cpp_cp: QFP:0:0 Thread:228 TS:00006942421682700923 %IPSEC-3-HMAC_ERROR:IPSec SA receives HMAC error, DP Handle 286, src_addr 192.168.5.14, dest_addr 192.168.2.17 , SPI 0xb250a4da

IPSec SA HMAC error decoder