Solved

Cisco VPN Pix 506E <-> Pix 501 malformed payload?

Posted on 2004-09-15
Last Modified: 2012-06-21
Good Morning,

I'm trying to establish a simple VPN between two Pixs.

I get the following error message about a malformed payload.

What should I check ?

------------------------------ CUT ----- CUT ----------------


crypto_isakmp_process_block:src:80.204.93.98, dest:80.22.58.139 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy
ISAKMP:      encryption DES-CBC
ISAKMP:      hash MD5
ISAKMP:      default group 1
ISAKMP:      auth pre-share
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:80.204.93.98, dest:80.22.58.139 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0

ISAKMP (0): processing NONCE payload. message ID = 0

ISAKMP (0): processing vendor id payload

ISAKMP (0): received xauth v6 vendor id

ISAKMP (0): processing vendor id payload

ISAKMP (0): remote peer supports dead peer detection

ISAKMP (0): processing vendor id payload

ISAKMP (0): processing vendor id payload

ISAKMP (0): speaking to another IOS box!

return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:80.204.93.98, dest:80.22.58.139 spt:500 dpt:500
ISAKMP: reserved not zero on payload 5!
ISAKMP: malformed payload
crypto_isakmp_process_block:src:80.204.93.98, dest:80.22.58.139 spt:500 dpt:500
ISAKMP: reserved not zero on payload 5!
ISAKMP: malformed payload

0
Question by:davidey
 
LVL 5

Accepted Solution

by:netspec01 (earned 375 total points)
ID: 12065056
This means that the ISAKMP keys do not match.
0
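A triage sketch for the debug output in the question, added here as an example and not part of the original thread: it tracks how far main mode got for each peer and reports a "reserved not zero" error that appears only after the policy was accepted and the KE payload was processed, which is the pattern the accepted answer attributes to mismatched keys. The function name `triage` and the verdict wording are assumptions; the second message it looks for, "atts are not acceptable", is the negative counterpart of the line shown in the question.

```python
import re

# A subset of the debug lines from the question above (blank lines dropped).
SAMPLE = """\
crypto_isakmp_process_block:src:80.204.93.98, dest:80.22.58.139 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0
ISAKMP (0): atts are acceptable. Next payload is 0
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:80.204.93.98, dest:80.22.58.139 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0
ISAKMP (0): processing NONCE payload. message ID = 0
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:80.204.93.98, dest:80.22.58.139 spt:500 dpt:500
ISAKMP: reserved not zero on payload 5!
ISAKMP: malformed payload
"""

BLOCK = re.compile(r"crypto_isakmp_process_block:src:([\d.]+), dest:([\d.]+)")
RESERVED = re.compile(r"reserved not zero on payload (\d+)")

def triage(log):
    """Return {peer: verdict} for each source address seen in the debug output."""
    state, verdict, peer = {}, {}, None
    for line in log.splitlines():
        m = BLOCK.search(line)
        if m:
            peer = m.group(1)              # later lines belong to this peer
            state.setdefault(peer, set())
            continue
        if peer is None:
            continue
        if "atts are acceptable" in line:
            state[peer].add("policy_ok")
        elif "atts are not acceptable" in line:
            verdict[peer] = "policy mismatch: compare isakmp policy on both peers"
        elif "processing KE payload" in line:
            state[peer].add("ke_done")
        elif RESERVED.search(line):
            n = RESERVED.search(line).group(1)
            if {"policy_ok", "ke_done"} <= state[peer]:
                verdict[peer] = f"payload {n} unreadable after KE: check pre-shared key"
            else:
                verdict[peer] = f"payload {n} malformed before KE completed"
    return verdict
```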
 
LVL 79

Expert Comment

by:lrmoore
ID: 12068480
Make sure that the policy on both sides matches exactly:

isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400

And that the pre-shared keys match exactly on both sides, "address" is remote peer:
isakmp key SecretKEY! address xx.xx.xx.55 netmask 255.255.255.255 no-xauth no-config-mode

And, make sure that the crypto map peer is the same as your key peer:
crypto map CRYMAP 10 set peer xx.xx.xx.55

0
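The three checks listed in the comment above, automated as an added example (not code from the thread): it compares the ISAKMP policy, the pre-shared key and the crypto map peer of two PIX command sets and reports differences without printing the key. The function names, the documentation addresses and the sample key are constructed; the input is assumed to be the commands as typed, because the PIX masks the key when it displays the configuration.

```python
import hmac

def parse(cfg):
    """Extract ISAKMP policy attributes, key entries and crypto map peers."""
    out = {"policy": {}, "keys": {}, "peers": set()}
    for line in cfg.splitlines():
        t = line.split()
        if t[:2] == ["isakmp", "policy"] and len(t) >= 5:
            out["policy"][(t[2], t[3])] = t[4]       # (priority, attribute) -> value
        elif t[:2] == ["isakmp", "key"] and t[3:4] == ["address"] and len(t) >= 5:
            out["keys"][t[4]] = t[2]                 # peer address -> key
        elif t[:2] == ["crypto", "map"] and t[4:6] == ["set", "peer"] and len(t) >= 7:
            out["peers"].add(t[6])
    return out

def compare(cfg_a, ip_a, cfg_b, ip_b):
    """Return a list of findings; ip_a and ip_b are the peers' outside addresses."""
    a, b, findings = parse(cfg_a), parse(cfg_b), []
    for k in sorted(set(a["policy"]) | set(b["policy"])):
        va, vb = a["policy"].get(k), b["policy"].get(k)
        if va != vb:
            findings.append(f"policy {k[0]} {k[1]}: {va} vs {vb}")
    ka, kb = a["keys"].get(ip_b), b["keys"].get(ip_a)
    if ka is None or kb is None:
        findings.append("isakmp key missing for the remote peer address")
    elif not hmac.compare_digest(ka.encode(), kb.encode()):
        hint = " (differs only in letter case)" if ka.lower() == kb.lower() else ""
        findings.append("pre-shared key mismatch" + hint)   # key itself is never echoed
    for name, side, peer in (("A", a, ip_b), ("B", b, ip_a)):
        if peer not in side["peers"]:
            findings.append(f"side {name}: crypto map peer is not {peer}")
    return findings

# Constructed sample configs (documentation addresses, made-up key).
POLICY = """isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
"""
SIDE_A = POLICY + """isakmp key SecretKEY! address 198.51.100.2 netmask 255.255.255.255 no-xauth no-config-mode
crypto map CRYMAP 10 set peer 198.51.100.2
"""
SIDE_B = POLICY.replace("group 1", "group 2") + """isakmp key SecretKey! address 192.0.2.1 netmask 255.255.255.255 no-xauth no-config-mode
crypto map CRYMAP 10 set peer 192.0.2.9
"""
```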
 

Author Comment

by:davidey
ID: 12072876
Thank you for the answers.

It was the SecretKey.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12074228
Glad you're working. Please award netspec01 the points.

- Cheers!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12102547
Thanks for closing out this question, but I think the points should go to netspec01, don't you?

netspec01:
>the ISAKMP keys do not match

davidey:
>It was the SecretKey

Unless you feel that the extra information I provided was more explanatory and helped you more, the choice is yours.

Thanks again for your attention to this Q.
0
 

Author Comment

by:davidey
ID: 12102717
I agree with you.

The points are with "netspec01".

Have a nice day.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12102791
I've asked a moderator to unaccept this so that you can go ahead and accept netspec01's comment later.

- Cheers!
0
