Anyone know what esp sequence fail means

Discussion in 'Cisco' started by jcharth, Aug 29, 2005.

  1. jcharth

    jcharth Guest

    Hello I am getting this error in my router after an ip change

    08-29-2005 10:23:33 Local7.Alert 10.xx.xx.x 2353: 3d07h:
    %C1700_EM-1-ERROR: packet-rx error: ESP sequence fail, id 104, pool
    offset 0


    Does anyone know what this means?

    thanks
     
    jcharth, Aug 29, 2005
    #1
    1. Advertisements

  2. jcharth

    tholincheck Guest

    If you have a CCO login you can put this command into the output
    interpreter and it will tell you why you have received this error and
    what you can do about. I run this output through and got some good
    stuff. I don't think I can post it here.

    The jist of the error is that a packet arrived out of sequence and
    (sometimes this is natural) other times it means you have QoS
    reordering the packets before IPSec gets its hands on the packets and
    the anti-replay feature of IPSec is dropping the packet.
     
    tholincheck, Aug 29, 2005
    #2
    1. Advertisements

  3. Error Message

    %C1700_EM-1-ERROR : [chars]

    Explanation:

    An error has occurred in an application using the VPN module.

    Recommended Action:

    Copy the error message exactly as it appears on the console or in the
    system log, contact your Cisco technical support representative, and
    provide the representative with the gathered information.

    http://www.bradreese.com/cisco-tac-contacts-worldwide.htm

    Cisco Output Interpreter:

    https://www.cisco.com/pcgi-bin/Support/OutputInterpreter/home.pl

    Sincerely,

    Brad Reese
    BradReese.Com Cisco Repair Service Experts
    http://www.bradreese.com/index.htm#EXPERTS
    1293 Hendersonville Road, Suite 17
    Asheville, North Carolina USA 28803
    USA/Canada: 877-549-2680
    International: 828-277-7272
    United Kingdom: 44-20-70784294
     
    www.BradReese.Com, Aug 29, 2005
    #3
  4. jcharth

    jcharth Guest

    Thanks Guys, I think i found the answer but I dont know how to doit.
    Can anyone give a clude on how to disable the hardware encryption and
    enable the software encryption?
    thanks.

    Symptoms: After an hour of normal operation, an encryption module may
    go down and the following error messages are generated:



    %C1700_EM-1-ERROR: packet-tx error:tx ring full. Head 93, Tail 92,
    Avail 1, buf 1

    %C1700_EM-6-SHUTDOWN: C1700_EM shutting down

    Conditions: This symptom is observed on a Cisco 1720 router that is
    configured with a hardware encryption module that is used to terminate
    Cisco Easy Virtual Private Network (EzVPN) tunnels that run from a
    Cisco PIX Firewall.

    Workaround: Use software encryption by configuring IP Security (IPSec).
     
    jcharth, Sep 9, 2005
    #4
  5. :Can anyone give a clude on how to disable the hardware encryption and
    :enable the software encryption?

    :%C1700_EM-1-ERROR: packet-tx error:tx ring full. Head 93, Tail 92,
    :Avail 1, buf 1

    :%C1700_EM-6-SHUTDOWN: C1700_EM shutting down

    Those message don't match the one you originally posted, but
    it could be that the problem is related.


    :Conditions: This symptom is observed on a Cisco 1720 router that is
    :configured with a hardware encryption module that is used to terminate
    :Cisco Easy Virtual Private Network (EzVPN) tunnels that run from a
    :Cisco PIX Firewall.

    :Workaround: Use software encryption by configuring IP Security (IPSec).

    The key is there: the problem only exists if you are using EzVPN,
    and goes away if you configure full IPSec. Cisco's site has a number
    of examples of IPSec configuration to a PIX.
     
    Walter Roberson, Sep 9, 2005
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.