09-09-2014 09:20 AM - edited 03-04-2019 11:43 PM
I'm checking the logs on the router and I'm getting this log:
" CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed "
I'm wondering why I'm getting this log and how I can fix it.
Any help will be appreciated.
Accepted Solutions
09-09-2014 09:38 AM
Ana,
What device, what IOS?
show version would help.
This output shows an example of the 'Replay Check Failed' error:
"%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed connection id=#."
This error is a result of reordering in the transmission medium (especially if parallel paths exist), or unequal paths of packet processing inside Cisco IOS for large versus small packets plus under load. Change the transform-set to reflect this. The replay check is only seen when transform-set esp-md5-hmac is enabled. In order to suppress this error message, disable esp-md5-hmac and do encryption only. Refer to Cisco bug ID CSCdp19680 (registered customers only).
http://www.cisco.com...0800949c5.shtml
Below are some references regarding this error:
https://supportforums.cisco.com/document/9021/user-recieves-crypto-4-pktreplayerr-decrypt-replay-check-failed-error-message-multi
HTH
Inayath
*Please don't forget to rate if this info is helpful.
09-09-2014 02:00 PM
Thank you for the information, it was very useful.
I was able to correct the error by expanding the anti-replay window to the recommended size (1024).
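
The two points in this thread (reordering triggers the replay check, and a larger window clears it) can be seen in a small model of a sliding-window anti-replay check. This is an added example, not part of the original posts and not Cisco's code; the class and function names, the constructed arrival pattern, and the small window of 64 are assumptions, while 1024 is the size mentioned in the thread.

```python
# Added illustration: sliding-window anti-replay check in the style of RFC 4303.
# The arrival pattern is constructed, not captured from a router.

class ReplayWindow:
    def __init__(self, size):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence (top - i) was already seen

    def check(self, seq):
        """True if accepted, False if the replay check fails."""
        if seq > self.top:                       # newer packet: slide the window
            shift = seq - self.top
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return True
        offset = self.top - seq
        if seq == 0 or offset >= self.size:      # older than the window's left edge
            return False
        if self.bitmap & (1 << offset):          # already seen: a genuine replay
            return False
        self.bitmap |= 1 << offset               # late but legitimate
        return True


def reordered_arrivals(total=5000, every=50, delay=200):
    """Constructed stream: every `every`-th packet arrives `delay` packets late,
    as if it took a slower path than its neighbours."""
    arrivals, late = [], {}
    for seq in range(1, total + 1):
        if seq % every == 0 and seq + delay <= total:
            late[seq + delay] = seq              # hold it back
        else:
            arrivals.append(seq)
        if seq in late:
            arrivals.append(late.pop(seq))       # delayed packet finally arrives
    return arrivals


def replay_failures(window_size, arrivals):
    window = ReplayWindow(window_size)
    return sum(not window.check(seq) for seq in arrivals)


if __name__ == "__main__":
    stream = reordered_arrivals()
    for size in (64, 1024):   # 64 is an assumed small window; 1024 is from the thread
        print(size, replay_failures(size, stream))
```

With the small window every delayed packet falls off the left edge and is rejected even though nothing was replayed; with 1024 the same stream passes, while a true duplicate is still caught by the bitmap.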
