Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
30046
Views
5
Helpful
0
Comments

User receives the Header invalid, missing SA payload error message on the Cisco VPN 3000 Concentrator

TCC_2
Level 10
Level 10

on ‎06-18-2009 03:54 PM

Resolution

The following output shows the user receiving the Header invalid, missing SA payload error message on the Cisco VPN 3000 Concentrator:

EVENTID: IKE_NO_SA 
LEVEL: ES_SEV_INFO3 
STRING: "Header invalid, missing SA payload! (next payload = %d)"

This event generally means that the VPN Concentrator and the remote peer are out of sync. The remote peer is continuing to negotiate an Internet Key Exchange (IKE) Security Association (SA) that has been deleted by the VPN Concentrator. The condition should eventually correct itself as the negotiation times out. This event can sometimes indicate a benign condition, which is caused by a race condition. An example of a race condition is when both peers delete an SA simultaneously and send deletes. The delete messages get to the peer, but the peer has already deleted the SA on its own. The peer expects a new phase 1 message to include an SA payload, which the delete message does not include.

If the condition persists, the tunnel should be reset on both sides.

VPN 3000 Model

Concentrator models

VPN 3000 Event Logs

Header invalid, missing SA payload! (next payload = 8)

Labels:
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents