%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed

Discussion in 'Cisco' started by James Harris, Feb 5, 2005.

  1. James Harris

    James Harris Guest

    I am getting %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for
    connection id=2056

    on a new router-to-router VPN. I can't work out what it is trying to do.
    Cisco's web site gives:

    CRYPTO-4-RECVD_PKT_MAC_ERR : decrypt: mac verify failed for connection
    id=[dec]
    Explanation The MAC verify processing failed. This may be caused by
    the use of the wrong key by either party during the MAC calculations.
    This activity could be considered a hostile event.
    Recommended Action Contact the peer administrator.

    Which sounds OK but I have set up both ends of the link and traffic is
    passing. The isakmp keys are preshared and correct. The security
    associations for isakmp and ipsec look to be correct as well. I just get
    this occasional message on one router only.
     
    James Harris, Feb 5, 2005
    #1
    1. Advertising

  2. James Harris

    James Harris Guest

    "James Harris" <no.email.please> wrote in message
    news:42049232$0$7711$...
    >I am getting %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for
    >connection id=2056
    >
    > on a new router-to-router VPN. I can't work out what it is trying to do.
    > Cisco's web site gives:
    >
    > CRYPTO-4-RECVD_PKT_MAC_ERR : decrypt: mac verify failed for connection
    > id=[dec]
    > Explanation The MAC verify processing failed. This may be caused by
    > the use of the wrong key by either party during the MAC calculations.
    > This activity could be considered a hostile event.
    > Recommended Action Contact the peer administrator.
    >
    > Which sounds OK but I have set up both ends of the link and traffic is
    > passing. The isakmp keys are preshared and correct. The security
    > associations for isakmp and ipsec look to be correct as well. I just get
    > this occasional message on one router only.
    >


    Found this error message in a few bugs on Cisco's bug tracker. One
    workaround, to disable fast switching (no ip route-cache) seems to have
    done the trick.
     
    James Harris, Feb 10, 2005
    #2
    1. Advertising

  3. James Harris

    Jim Guest

    Hello James,

    I am facing the same situation you are facing below. The fast
    switching is disabled on the serial interfaces and enabled on the
    Fastethernet. However, on the peer router they are enabled on both
    serial and ethernet interface. I will try to enable this feature on
    both sides and see the result. Please keep me updated if you have any
    other work arround.

    Regards,


    "James Harris" <no.email.please> wrote in message news:<420bcd1c$0$32603$>...
    > "James Harris" <no.email.please> wrote in message
    > news:42049232$0$7711$...
    > >I am getting %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for
    > >connection id=2056
    > >
    > > on a new router-to-router VPN. I can't work out what it is trying to do.
    > > Cisco's web site gives:
    > >
    > > CRYPTO-4-RECVD_PKT_MAC_ERR : decrypt: mac verify failed for connection
    > > id=[dec]
    > > Explanation The MAC verify processing failed. This may be caused by
    > > the use of the wrong key by either party during the MAC calculations.
    > > This activity could be considered a hostile event.
    > > Recommended Action Contact the peer administrator.
    > >
    > > Which sounds OK but I have set up both ends of the link and traffic is
    > > passing. The isakmp keys are preshared and correct. The security
    > > associations for isakmp and ipsec look to be correct as well. I just get
    > > this occasional message on one router only.
    > >

    >
    > Found this error message in a few bugs on Cisco's bug tracker. One
    > workaround, to disable fast switching (no ip route-cache) seems to have
    > done the trick.
     
    Jim, Feb 13, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    0
    Views:
    913
  2. Replies:
    0
    Views:
    2,591
  3. Allen

    Can you encrypt and decrypt CDs and CDRWs ?

    Allen, Oct 20, 2004, in forum: Computer Support
    Replies:
    0
    Views:
    686
    Allen
    Oct 20, 2004
  4. xhon
    Replies:
    0
    Views:
    817
  5. Tanja
    Replies:
    0
    Views:
    836
    Tanja
    Jan 25, 2008
Loading...

Share This Page