Connecting two Drayteks over IPSec

Posted on 2016-07-20
Last Modified: 2016-07-25
We are currently aiming to connect a Draytek VigorPro 5510 with a Draytek Vigor 3900 using an IPSec tunnel.  The 5510 is the dial out router and the 3900 the dial in.

The configs are as follows:
IKE Phase1 Proposal: AE128 G1
Authentication: SHA1/MD5
Phase2 Proposal 3DES without auth
Auth: All
Perfect forward Secret: Disabled

The error I can see in the Syslog are: Payload malformed and Payload malfornmed after IV

Were stumped on this one and would appreciate some input

Question by:itd-helpdesk
LVL 22

Accepted Solution

David Atkin earned 500 total points
ID: 41721321
According to this:

The message "Payload Malformed" was received during the IKE exchange. It means the Phase 1 algorithms doesn't match the gateway configuration.

Change the proposal on Phase1 to something else (on both Drayteks) and re-test.

There is a well written article by Draytek for IPSEC VPN Connections - See here:

You will have to register to view the article.

Author Comment

ID: 41727701
Thanks for the reply, I definatly have a good way forward from this.


Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco MM_NO_STATE - ACTIVE (Deleted) in S2S IPSec VPN 2 222
Recommendations on a Router for VPN 3 56
Cisco ASA two factor VPN 3 51
Cisco ASDM device NT domain question 4 34
Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now