Avatar of frukeus
frukeus
Flag for Singapore asked on

Cisco ASA Header Invalid (next payload = 11)

IP = 46.50.218.93, processing VID payload
IP = 46.50.218.93, Received DPD VID
IP = 46.50.218.93, Received NAT-Traversal RFC VID
IP = 46.50.218.93, Received NAT-Traversal ver 03 VID
IP = 46.50.218.93, Received NAT-Traversal ver 02 VID
IP = 46.50.218.93, processing VID payload
IP = 46.50.218.93, IKE SA Proposal # 1, Transform # 11 acceptable  Matches global IKE entry # 3
IP = 46.50.218.93, constructing NAT-Traversal VID ver 02 payload
IP = 46.50.218.93, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
IP = 46.50.218.93, IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
IP = 46.50.218.93, IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
IP = 46.50.218.93, IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
IP = 46.50.218.93, IKE MM Responder FSM error history (struct &0xdb289848)  <state>, <event>:  MM_DONE, EV_ERROR-->MM_WAIT_MSG3, EV_TIMEOUT-->MM_WAIT_MSG3, NullEvent-->MM_SND_MSG2, EV_SND_MSG-->MM_SND_MSG2, EV_START_TMR-->MM_SND_MSG2, EV_RESEND_MSG-->MM_WAIT_MSG3, EV_TIMEOUT-->MM_WAIT_MSG3, NullEvent
IP = 46.50.218.93, sending delete/delete with reason message
IP = 46.50.218.93, IKE SA MM:8b824f2c terminating:  flags 0x01000002, refcnt 0, tuncnt 0
IP = 46.50.218.93, Header invalid (next payload = 11)

Open in new window


I keep getting Header invalid (next payload =11) error when I connect my openswan server to ASA. I have checked my preshared key many times and it is accurate.
What else can I do?
VPNCiscoLinux Networking

Avatar of undefined
Last Comment
Colossus1

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
MartinDRZ

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Ernie Beek

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
frukeus

ASKER
I did a sudo ipsec barf and realised that my secret file is malformed.
It requires PSK "password", quotes was missing from it.
Ernie Beek

Glad to see you got it working :)

Thx 4 the points.
Colossus1

Was the issue on the "openswan" server or the ASA?
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23