02-01-2005 05:02 PM
Hi All,
We have a cisco 3620 terminating an IPSEc tunnel.
Everything has been fine for a few months and then yesterday we started getting the following errors:
%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=2000
The sa syas up as below but the connectoins thwough the tunnel are very slow. It takes 30 sec to get the page from a web site accross the tunnel.
syd-pr1#sh crypto isakmp sa
dst src state conn-id slot
x.x.x.x y.y.y.y M_IDLE 1 0
We have checked the conf. on cisco. The other side of the tunnel is terminated on a non Cisco device.
I could not fine anything on that on the Cisco web site.
Has anyone seen this before?
Thanks a lot.
Best Regards
Ivan
02-07-2005 12:12 PM
This condition may be due to the use of the wrong key by either party during the MAC calculations.The following link has more information on common debug commands used to troubleshoot IPSec.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml
10-14-2005 04:36 AM
I run into exactly the same issue as stated above, did you ever get a solution for the above said problem ?
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide