05-03-2011 03:42 AM - edited 02-21-2020 05:18 PM
Occasionally I lose connectivity with a GM when it fails to rekey.
Before and after that happens I have many consecutive antireplay check failures.
According to the log:
.May 3 10:28:34.167: %GDOI-4-TIMEBASED_REPLAY_FAILED: An anti replay check has failed in group XXX. my_pseudotime is 12414551.01 secs, peer_pseudotime is 12414541.00 secs, replay_window is 10 (second)
.May 3 10:28:34.167: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
connection id=6501, sequence number=2692619
The result is that if the rekeying happens when the GM experiences the antireplay problems, it fails and I lose connectivity to the router (telnet is in the encryption ACL).
Then I log in to the GM through SSH and I execute “clear crypto gdoi” and everything comes back to normal.
I have used “rekey retransmit 10 number 4” on the KSes.
The strange thing is that I have seen these messages occasionally on many different GMs in the past, but it is the first time that rekeying has failed during that time. Is it a random event?
I would appreciate your opinion about that.
Regards,
08-30-2012 07:26 AM
Hello,
Did you ever find a cause / resolution to this issue?
10-02-2012 11:45 AM
Any resolution to this?
I am having the same issue.
04-12-2013 03:53 AM
I am also having the same issue.
Can we disable TBAR in a GetVPN environment?
Would there be any impact once TBAR is disabled?
04-12-2013 06:27 AM
Hello,
I had this problem on an ASR 1001. I ended up disabling TBAR which resolved the issue and did not encounter any other issues. I have since upgraded the ASR to the latest code and re-enabled TBAR and have not had any issues since.
Hope this helps.
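Added example, not part of the thread and not Cisco code: a Python triage script for the %GDOI-4-TIMEBASED_REPLAY_FAILED message quoted in the first post, reporting how far past the replay window each failure was. The regex follows the message as quoted; the second sample line, the `marginal`/`drift` labels and the 1-second threshold are assumptions made for this example.

```python
import re
from decimal import Decimal

# Message layout as quoted in the first post of the thread.
TBAR_RE = re.compile(
    r"%GDOI-4-TIMEBASED_REPLAY_FAILED: .*? in group (?P<group>\S+)\. "
    r"my_pseudotime is (?P<mine>\d+(?:\.\d+)?) secs, "
    r"peer_pseudotime is (?P<peer>\d+(?:\.\d+)?) secs, "
    r"replay_window is (?P<window>\d+)"
)
MARGINAL_SECS = Decimal("1")  # assumed triage threshold, not a Cisco value

def parse_tbar(line):
    """Return group, skew, window and excess for one TBAR failure line, else None."""
    m = TBAR_RE.search(line)
    if m is None:
        return None
    # Decimal keeps the hundredths exact; float subtraction would not.
    skew = Decimal(m["mine"]) - Decimal(m["peer"])
    window = Decimal(m["window"])
    excess = abs(skew) - window  # seconds beyond the configured window
    kind = "marginal" if excess <= MARGINAL_SECS else "drift"
    return {"group": m["group"], "skew": skew, "window": window,
            "excess": excess, "kind": kind}

def summarize(lines):
    """Count marginal vs. drift failures per group and track the worst excess."""
    out = {}
    for rec in filter(None, map(parse_tbar, lines)):
        g = out.setdefault(rec["group"],
                           {"marginal": 0, "drift": 0, "worst": Decimal(0)})
        g[rec["kind"]] += 1
        g["worst"] = max(g["worst"], rec["excess"])
    return out

SAMPLE = [
    # From the thread:
    ".May 3 10:28:34.167: %GDOI-4-TIMEBASED_REPLAY_FAILED: An anti replay check has failed in group XXX. my_pseudotime is 12414551.01 secs, peer_pseudotime is 12414541.00 secs, replay_window is 10 (second)",
    # Constructed for this example (larger pseudotime gap):
    ".May 3 10:29:02.411: %GDOI-4-TIMEBASED_REPLAY_FAILED: An anti replay check has failed in group XXX. my_pseudotime is 12414700.50 secs, peer_pseudotime is 12414640.00 secs, replay_window is 10 (second)",
    # From the thread; not a TBAR line, so it is skipped:
    ".May 3 10:28:34.167: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed",
]

if __name__ == "__main__":
    for group, stats in summarize(SAMPLE).items():
        print(group, stats)
```

For the message in the first post the gap is 10.01 seconds against a 10-second window, so the packet missed the window by 0.01 seconds.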