
decrypt: mac verify failed for connection id=2000

ivan.marakovic
Level 1

Hi All,

We have a Cisco 3620 terminating an IPsec tunnel.

Everything has been fine for a few months and then yesterday we started getting the following errors:

%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed

%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=2000

The SA says up as below, but the connections through the tunnel are very slow. It takes 30 sec to get the page from a web site across the tunnel.

syd-pr1#sh crypto isakmp sa

dst src state conn-id slot

x.x.x.x y.y.y.y M_IDLE 1 0

We have checked the conf. on the Cisco. The other side of the tunnel is terminated on a non-Cisco device.

I could not find anything on that on the Cisco web site.

Has anyone seen this before?

Thanks a lot.

Best Regards

Ivan

2 Replies

didyap
Level 6

This condition may be due to the use of the wrong key by either party during the MAC calculations. The following link has more information on common debug commands used to troubleshoot IPSec.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml
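A simplified model of the receiver-side checks behind the two log messages in this thread, added here as an example (not part of the original replies and not Cisco's code): an ESP-style anti-replay window as described in RFC 4303, followed by an HMAC-SHA1-96 integrity check. The keys, SPI value and payloads are constructed, and the function and class names are hypothetical.

```python
import hashlib
import hmac
import struct

WINDOW = 64   # anti-replay window size in packets (assumed; RFC 4303 suggests 64)
ICV_LEN = 12  # HMAC-SHA1-96: digest truncated to 96 bits

def icv(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Integrity check value over SPI, sequence number and payload."""
    header = struct.pack("!II", spi, seq)
    return hmac.new(key, header + payload, hashlib.sha1).digest()[:ICV_LEN]

def build(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender side (hypothetical helper): header + payload + ICV."""
    return struct.pack("!II", spi, seq) + payload + icv(key, spi, seq, payload)

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.top = 0     # highest authenticated sequence number
        self.bitmap = 0  # bit i set => sequence (top - i) already accepted

    def accept(self, packet: bytes) -> str:
        spi, seq = struct.unpack("!II", packet[:8])
        payload, tag = packet[8:-ICV_LEN], packet[-ICV_LEN:]
        # 1. Anti-replay: reject duplicates and packets older than the window.
        if seq <= self.top:
            offset = self.top - seq
            if offset >= WINDOW or (self.bitmap >> offset) & 1:
                return "replay check failed"
        # 2. Integrity: recompute the ICV with the local key, constant-time compare.
        if not hmac.compare_digest(tag, icv(self.key, spi, seq, payload)):
            return "mac verify failed"
        # 3. Only authenticated packets advance or mark the window.
        if seq > self.top:
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return "ok"

def demo():
    # Constructed keys and packets: a duplicate, then a packet keyed differently.
    good, other = b"k" * 20, b"x" * 20
    rx = Receiver(good)
    pkts = [build(good, 0x1001, 1, b"GET /"), build(good, 0x1001, 1, b"GET /"),
            build(other, 0x1001, 2, b"GET /")]
    return [rx.accept(p) for p in pkts]
```
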

pravkuma
Level 1

I ran into exactly the same issue as stated above. Did you ever get a solution for the above-said problem?

Thanks