Core issue
This error is most commonly seen on a router that has the AIM-VPN/EPII with Device ID 00 and is running Cisco IOS version 12.3.13 with the IP/FW/IDS PLUS IPSEC 3DES feature set.
This issue is documented in Cisco bug ID CSCse42201.
You can check the product name and the device ID of the AIM module by issuing the show crypto engine configuration command.
Resolution
For a workaround, perform these steps:
- Disable the HW encryption module by issuing the no crypto engine accelerator command.
- Generate the RSA keys by issuing the crypto key generate rsa general-keys modulus 1024 command.
- Enable the HW encryption module by issuing the crypto engine accelerator command in configuration mode.
- Upgrade the Cisco IOS version if running 12.3.13 (12.3.13 is a deferred release).
- Replace the AIM module so that the device ID is not 00.