Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3059
Views
0
Helpful
3
Replies

CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=7

teohkokwei
Level 1
Level 1

‎09-26-2011 02:53 AM

I'm getting the error msg when VPN between two 1841 router. Anyone can advise how resolove this issue. Thanks

Sep 26 07:55:37.287: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=7

Sep 26 07:56:44.921: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=7

Bother router with the IOS : Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(3g)

I've perform the following methods but the result still remain the same.

Check the isakmp keys are preshared and correct. and the security associations for isakmp and ipsec

disableing fast switching (no ip route-cache)

Labels:
0 Helpful
3 Replies 3

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎09-26-2011 05:44 AM

This message indicates that packet the your router recived failed integrity check "mac verify".

I.e. it was corrupted/malformed/spoofed

If the problem affected all VPN connections on your box and is dropping a lot of packets this might be a problem with you VPN accelerator module. But if it affected one peer only the peer is most likely sending malformed packet or they get corrupted in transit.

0 Helpful

teohkokwei
Level 1
Level 1
In response to Marcin Latosiewicz

‎09-26-2011 07:35 PM

Here is my case screnario

Router A (1841) is a Hub, Router B (871), Router C (1841) and Router D (1841) are spoke.

Last Friday 23/09, I've setup a VPN tunnel between Router A and ROuter D. The VPN tunnel is up and it's working fine but I noticed that the Router D has a lot of %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=7 error logs. I thought it might be configuration issue after that I'm tried to check the router A logs and I found out Router A also have the same error messeage and this error message has been occured since since 3 July.

I did Check Router C and Router D logs but these two routers don't have this kind of error message. It weird right?

Pls advise.

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to teohkokwei

‎09-27-2011 05:04 AM

Since pass through routers inspect only L3 (and not ESP payload) it is normal that they do not see this message.

I doubt it's a configuration issue (at least on behalf of crypto, it might be a misconfig elsewhere).

What happened on July 3rd? :-)

Marcin

0 Helpful
Customers Also Viewed These Support Documents