Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3077
  • Last Modified:

CIsco VPN Pix 506E <-> Pix 501 malformed payload ?

Good Morning,

I'm trying to establish a simple VPN between two Pixs.

I get the following error message about a malformed payload.

What should I check ?

------------------------------ CUT ----- CUT ----------------


crypto_isakmp_process_block:src:80.204.93.98, dest:80.22.58.139 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy
ISAKMP:      encryption DES-CBC
ISAKMP:      hash MD5
ISAKMP:      default group 1
ISAKMP:      auth pre-share
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:80.204.93.98, dest:80.22.58.139 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0

ISAKMP (0): processing NONCE payload. message ID = 0

ISAKMP (0): processing vendor id payload

ISAKMP (0): received xauth v6 vendor id

ISAKMP (0): processing vendor id payload

ISAKMP (0): remote peer supports dead peer detection

ISAKMP (0): processing vendor id payload

ISAKMP (0): processing vendor id payload

ISAKMP (0): speaking to another IOS box!

return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:80.204.93.98, dest:80.22.58.139 spt:500 dpt:500
ISAKMP: reserved not zero on payload 5!
ISAKMP: malformed payload
crypto_isakmp_process_block:src:80.204.93.98, dest:80.22.58.139 spt:500 dpt:500
ISAKMP: reserved not zero on payload 5!
ISAKMP: malformed payload

0
davidey
Asked:
davidey
  • 4
  • 2
1 Solution
 
netspec01Commented:
This means that the ISAKMP keys do not match.
0
 
lrmooreCommented:
Make sure that the policy on both sides match exactly:

isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400

And that the pre-shared keys match exactly on both sides, "address" is remote peer:
isakmp key SecretKEY! address xx.xx.xx.55 netmask 255.255.255.255 no-xauth no-config-mode

And, make sure that the crypto map peer is the same as your key peer:
crypto map CRYMAP 10 set peer xx.xx.xx.55

0
 
davideyAuthor Commented:
Thank you for the answers.

It was the SecretKey.
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
lrmooreCommented:
Glad you're working. Please award netspec01 the points.

- Cheers!
0
 
lrmooreCommented:
Thanks for closing out this question, but I think the points should go to netspec01, don't you?

netspec01:
>the ISAKMP keys do not match

davidey:
>It was the SecretKey

Unless you feel that the extra information I provided was more explanatory and helped you more, the choice is yours.

Thanks again for your attention to this Q..
0
 
davideyAuthor Commented:
I agree with You.

The points are with "netspec01".

Have a nice day.
0
 
lrmooreCommented:
I've asked a moderator to unaccept this so that you can go ahead and accept netspec01's comment later.

- Cheers!
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now