Hardware cryptography errors

CornishPaul

Hi Everyone.
We are facing an issue with one of our WatchGuards, trying to establish a BOVPN, we are getting a connection however unable to route traffic down it successfully. When diagnosing, we are getting the following - Some hardware cryptography errors were found for the tunnel route(IP > IP). An attempt was made to rekey this VPN tunnel. Has anyone come across this before and how do we fix it?? Any help appreciated.

Bruce_Briggs

I have never seen anyone post on this issue.

For the record, what firewall models and software versions are involved.

Consider opening a support incident on this.

You can turn on diagnostic logging for IKE which may show something to help:
In WSM Policy Manager: Setup -> Logging -> Diagnostic Log Level -> VPN -> IKE
In the Web UI: System -> Diagnostic Log
Set the slider to Information or higher

Besides Diagnostic Logging, you have 2 other options when the session is trying to connect, and you should see something to help understand this.

1) Web UI -> System Status -> VPN Statistics, click the Debug button
2) in FSM -> Traffic Monitor -> right click -> Diagnostic Tasks -> VPN tab

james.carson

Hi @CornishPaul

This is likely a hardware failure on the firewall (they're rare, but do happen from time to time.)

Support can help verify that this is the issue, and help disable the hardware cryptographic accelerator on the firewall to get the tunnel running for now.

Please consider contacting support using one of the options here:
https://www.watchguard.com/wgrd-support/contact-support

If you have a case open, please reply with the case number and I'd be happy to check and ensure it's with the right team.