Hi,
I am getting the following on my 4430.
2013.05.03 19:56:15 FIREWALL IGWIpYankHdr : Single segment checksum returned error.
2013.05.03 19:56:16 FIREWALL IGWIpYankHdr : Single segment checksum returned error.
2013.05.03 19:56:17 FIREWALL IGWIpYankHdr : Single segment checksum returned error.
These errors are rolling pretty regularly. I am having trouble finding anything in documentation about this error. Google produced no results. Does anyone have any ideas?
Tim
Tim:
The error indicates that the ADTRAN unit is receiving an improperly formatted header; however, without a packet capture you will not be able to determine if this packet is coming from the LAN or WAN. The firmware upgrade would provide additional hardware enhancements for VPN, but if you think you were having problems with R10.5.2, then I would recommend R10.3.3. If you would like to open another post about what problems you were having on R10.5.2, I'm sure someone from the support community will be happy to assist you.
Levi
Thank you for asking this question in the support community. When you get a chance, is it possible you could reply with the firmware version, and a copy of the current configuration (please, remember to remove any information that may be sensitive to the organization)? I will be happy to review it for you.
Levi
Levi,
It is currently running 17.08.02.00.E.
It would take me some time to get the config changed. We have 65 VPN tunnels configured on it. Maybe I should call into support?
Tim
The firewall error you mentioned is typically a result of corrupted encryption headers. This process was streamlined in a newer version of firmware, where even though the ADTRAN receives corrupt headers, the hardware can process it more efficiently, and the error message will most likely go away. At the time of this post, I recommend upgrading the firmware to AOS version R10.5.2.E or R10.5.3.E. Here is how to Upgrade Firmware in AOS.
Please, let me know if you have any additional questions or information.
Levi
Levi,
Unfortunately we have tried upgrading to 10.5.2. We had major issues with the system causing voice quality to be abysmal and had to roll back to our current release to get it working again.
Can you explain the corrupted encryption headers a little bit more? What can cause this issue?
Is there a certain release that resolves that issue that we could step up into without going all the way to 10.5.2?
Tim
Tim:
The error indicates that the ADTRAN unit is receiving an improperly formatted header; however, without a packet capture you will not be able to determine if this packet is coming from the LAN or WAN. The firmware upgrade would provide additional hardware enhancements for VPN, but if you think you were having problems with R10.5.2, then I would recommend R10.3.3. If you would like to open another post about what problems you were having on R10.5.2, I'm sure someone from the support community will be happy to assist you.
Levi
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Levi