Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
581
Views
0
Helpful
3
Replies

ISAKMP: reserved not zero on payload 5!

markfen
Level 1
Level 1

‎04-14-2003 04:16 AM - edited ‎03-09-2019 02:53 AM

I'm trying to establish a VPN with a PIX 515E using a Solaris 9

client.

The Solaris client is the initiator, The phase 1 IKE

exchange fails , the PIX does not like something

in the 5th packet in main mode. I got this from

the PIX debug log:

ISAKMP: reserved not zero on payload 5!

What does this mean ?

This is using native Solaris IPsec, preshared keys.

Cisco software version 6.1

Labels:
0 Helpful
3 Replies 3

afakhan
Level 4
Level 4

‎04-14-2003 11:48 AM

Hi,

It means you need to re-enter preshared keys on the two sides.

Thx

Afaq

0 Helpful

markfen
Level 1
Level 1
In response to afakhan

‎04-15-2003 08:20 AM

Hello Afaq,

This helped - actually the problem was Solaris uses preshared

keys in hex, Cisco uses ASCII :-)

I still get this message, but the negotiation gets further this time

despite the above error. The failure point is now in phase 2:

IPSEC(validate_transform_proposal): invalid local address x.x.x.x

Where x.x.x.x is the IP address of the PIX

I saw an article on your website which mentioned this - I need

to use:

crypto map map-name local-address interface-id

The documentation does not cover this command ( unless

I overlooked it )

Thanks again.

0 Helpful

gfullage
Cisco Employee
Cisco Employee
In response to markfen

‎04-16-2003 09:32 PM

This is usually a fairly generic error when it comes to the PIX. The "local-address" command you're referring to is an IOS router command, not a PIX command, so that's why you're not seeing it.

Check your transforms, ACL's, etc on both sides, make sure they match properly.

0 Helpful
Customers Also Viewed These Support Documents