TCP/4/SOCKET_TCP_TCP_AO_AUTHEN_FAIL

Message

TCP/4/SOCKET_TCP_TCP_AO_AUTHEN_FAIL: TCP TCP-AO authentication not success. (tcpConnLocalAddress=[tcpConnLocalAddress], tcpConnLocalPort=[tcpConnLocalPort], tcpConnRemAddress=[tcpConnRemAddress], tcpConnRemPort=[tcpConnRemPort], hwTCPProtocol=[hwTCPProtocol], hwTCPVrfName=[hwTCPVrfName])

Description

The TCP-AO authentication of the TCP connection fails.

Parameters

Parameter Name Parameter Meaning

tcpConnLocalAddress

Local IP address of a TCP connection.

tcpConnLocalPort

Local port number of a TCP connection.

tcpConnRemAddress

Destination IP address of a TCP connection.

tcpConnRemPort

Destination port number of a TCP connection.

hwTCPProtocol

Name of an upper-layer application protocol.

hwTCPVrfName

VRF name.

Possible Causes

Cause 1: TCP-AO was configured on both ends of the TCP connection, but the encryption algorithms or keys in the effective key IDs were inconsistent.

Cause 2: Incomplete TCP-AO is configured on one end.

Cause 3: One end requires TCP-AO to take effect, but the other end is not configured with TCP-AO.

Procedure

1. Run the display current-configuration command on the devices at both ends of the TCP connection to check whether TCP-AO is configured. If only one end is configured with TCP-AO, configure TCP-AO on the end that is not configured with TCP-AO. If the authentication failure persists, go to step 2. If the authentication succeeds, go to step 5.

2. Check whether the TCP-AO configurations on both ends are complete. A complete TCP-AO configuration must be bound to a keychain. A key ID must be configured, and the corresponding key ID, algorithm, key, and effective time must be configured in the keychain. If the authentication failure persists, go to step 3. If the authentication succeeds, go to step 5.

3. Check whether the parameters at both ends are consistent. Ensure that the key-id takes effect at the same time and has the same key and algorithm. For details about the configuration requirements, see the configuration manual. If the authentication failure persists, go to step 4. If the authentication succeeds, go to step 5.

4. Collect log and configuration information, and contact technical support personnel.

5. END

Parent Topic: TCP
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic