Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
496
Views
0
Helpful
0
Replies

%CRYPTO-4-PKT_REPLAY_ERR:

AEMOIMTTSA
Level 1
Level 1

‎07-10-2013 09:16 PM

I have been seeing the following error message in the logs for a few days now.

%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed

        connection id=4587, sequence number=17094

I managed to track down the connection id:4587 and I can see the peer IP with the actual recv errors. There is no issues with the VPN itself, traffic is working fine.

I have tried to increase the actual window size under the specific crypto map for that particular peer and it makes no difference. Even cleared the sa after applying the changes.

crypto map xxxxxxxxx 1 ipsec-isakmp

set peer xxx.xxx.xxx.xxx

security-association replay window-size 1024


Have increased the replay window globally to 1024 however the errors keep appearing.

crypto ipsec security-association replay window-size 1024

Has anyone actually disabled the replay window checking? did it impact anything?

crypto ipsec security-association replay disable

no crypto ipsec security-association replay window-size 1024

does it actually stop the replay_errors?

or to stop these errors do you need to change the hash algorithm from sha instead of md5?


1 person had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents