Symptom
ASR1002-HX HW crypto-engine stuck at Initializing stats
Conditions
ipsec sa create failed at platform
Workaround
configure appropriate crypto throughput
Further Problem Description
IOS-XE 17.3 release train changed the crypto throughput license behavior for ASR 1001-hx and ASR 1002-hx platforms which have field replaceable crypto module.
The crypto throughput has to be configured using the following command to avoid IPSec tail drops:
platform hardware crypto-throughput level 16-25g
