01-25-2024 02:35 AM
Hello,
I was trying to setup ipsec tunnel with remote device but i get this error. Same configs has worked with other location with same router model ISR4331. Any idea?
%IOSXE-5-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:001 TS:00023818311620476832 %PUNT_INJECT-5-DROP_GLOBAL_POLICER: global punt policer drops packet from GigabitEthernet0
%IOSXE-5-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:003 TS:00023818760985759936 %PUNT_INJECT-5-DROP_PUNT_CAUSE: punt policer drops packets, cause: for-us-ctrl (0x37) from GigabitEthernet0/0/1.100
%IOSXE-5-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:001 TS:00023818311620476832 %PUNT_INJECT-5-DROP_GLOBAL_POLICER: global punt policer drops packet from GigabitEthernet0
%IOSXE-5-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:003 TS:00023818760985759936 %PUNT_INJECT-5-DROP_PUNT_CAUSE: punt policer drops packets, cause: for-us-ctrl (0x37) from GigabitEthernet0/0/1.100
#sh platform resources
Cisco IOS Software [Amsterdam], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.3.5
01-25-2024 03:03 AM
Hello,
the error message mentions the punt policer. You could try to disable the punt-keepalives and/or increase the rate limit:
4331(config)# platform punt-keepalive disable
4431(config)# platform punt-keepalive rate-limit <value>
01-25-2024 03:10 AM
Try first disable keepalive of isakmp
If the error stop then config keepalive on demand
This make IPSec not send a lot of keepalive
MHM
01-30-2024 07:02 AM
@Georg Pauwen @MHM Cisco World I did both suggestions you have told but it didnt worked. but the tunnel was not working due to the mismatching of IPs in keyring. so i have concluded these messages has nothing to do with tunnel setup to make the it up. Thank you for your input.
01-30-2024 11:34 AM
Hello
Possible bug - have/can you upgrade to a newer version of code 17.3.8a which seems to include a fix for a CVE vulnerability also.
Or maybe review this cco doc
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide