Re: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connec

MriduD · ‎04-04-2025

Apr 3 22:29:55: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=5.1.2.3, prot=50, spi=0x8280(33408), srcaddr=6.2.1.2, input interface=GigabitEthernet0
*Apr 4 10:17:37: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=00000001
*Apr 4 10:18:52: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=0000001D
*Apr 4 10:19:57: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=0000002B
*Apr 4 10:21:07: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=00000033
*Apr 4 10:22:07: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=00000039
*Apr 4 10:23:07: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=0000003F
*Apr 4 10:24:12: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=00000054
*Apr 4 10:25:36: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=00000063
*Apr 4 10:26:36: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=00000069
*Apr 4 10:27:47: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=00000071
*Apr 4 10:29:07: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=0000007B
*Apr 4 10:30:17: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=00000083
*Apr 4 10:31:18: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=00000089
*Apr 4 10:32:28: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=00000091
*Apr 4 10:33:43: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=00000099
*Apr 4 10:35:06: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=000000B1
*Apr 4 10:36:37: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=000000BD
*Apr 4 10:37:37: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=45 spi=BF01A06A seqno=000000C3

These are the logs from their Cisco 891-K9 WAN router

The site-to-site VPN goes down every day. It comes back only after I clear phase 1 of the tunnel.

Please help.

MHM Cisco World · ‎04-04-2025

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/116085-troubleshooting-pingloss-00.html

MHM

MriduD · ‎04-06-2025

Thank you as always, Sir.

But, this article doesn't provide any solution. Though it has a handful of information. I have gone through it.

I read in another article stating that the above mentioned error is related to a bug or hardware problem. Any idea? Can we conclude that the router has to be upgraded to avoid these errors?

Sheraz.Salim · ‎04-07-2025

could you apply these configuration and see how it behaves.

crypto ipsec security-association lifetime seconds 86400
crypto ipsec security-association lifetime kilobytes 4608000
!
crypto ipsec security-association replay disable
!

please do not forget to rate.