Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1443
Views
0
Helpful
1
Replies

ISAKMP: reserved not zero on payload 5!

anar
Level 1
Level 1

‎09-13-2005 04:11 AM

Hi,

Windows XP VPN Client tries to connect to PIX 506 using L2TP with Certificate and gets error message 678: The remote computer did not respond.

ISAKMP: reserved not zero on payload 5!

but this message applicable when we use isakmp authe pre-share, however I use isakmp authe rsa-sig. Here is the output:

ISAKMP (0): processing ID payload. message ID = 0

ISAKMP (0): processing CERT payload. message ID = 0

ISAKMP (0): processing a CT_X509_SIGNATURE cert

ISAKMP (0): cert approved with warning

ISAKMP (0): processing SIG payload. message ID = 0

ISAKMP (0): processing CERT_REQ payload. message ID = 0

ISAKMP (0): peer wants a CT_X509_SIGNATURE cert

ISAKMP (0): SA has been authenticated

ISAKMP: transform 2, ESP_3DES

ISAKMP: attributes in transform:

ISAKMP: SA life type in seconds

ISAKMP: SA life duration (VPI) of 0x0 0x0 0xe 0x10

ISAKMP: SA life type in kilobytes

ISAKMP: SA life duration (VPI) of 0x0 0x3 0xd0 0x90

ISAKMP: encaps is 2

ISAKMP: authenticator is HMAC-SHA

ISAKMP (0): atts are acceptable.IPSEC(validate_proposal_request): proposal part #1,

(key eng. msg.) dest= 10.0.0.200, src= 10.0.1.228,

dest_proxy= 10.0.0.200/255.255.255.255/17/0 (type=1),

src_proxy= 10.0.1.228/255.255.255.255/17/1701 (type=1),

protocol= ESP, transform= esp-3des esp-sha-hmac ,

lifedur= 0s and 0kb,

spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x200

ISAKMP (0): processing NONCE payload. message ID = 3542836878

ISAKMP (0): processing ID payload. message ID = 3542836878

ISAKMP (0): ID_IPV4_ADDR src 10.0.1.228 prot 17 port 1701

ISAKMP (0): processing ID payload. message ID = 3542836878

ISAKMP (0): ID_IPV4_ADDR dst 10.0.0.200 prot 17 port 0IPSEC(key_engine): got a queue event...

IPSEC(spi_response): getting spi 0xaf63d625(2942555685) for SA

from 10.0.1.228 to 10.0.0.200 for prot 3

return status is IKMP_NO_ERROR

crypto_isakmp_process_block:src:10.0.1.228, dest:10.0.0.200 spt:500 dpt:500

ISAKMP (0): processing DELETE payload. message ID = 2101323035, spi size = 16

ISAKMP (0): deleting SA: src 10.0.1.228, dst 10.0.0.200

return status is IKMP_NO_ERR_NO_TRANS

crypto_isakmp_process_block:src:10.0.1.228, dest:10.0.0.200 spt:500 dpt:500

ISAKMP: drop msg for deleted sa

ISADB: reaper checking SA 0xdd7c1c, conn_id = 0 DELETE IT!

VPN Peer: ISAKMP: Peer ip:10.0.1.228/500 Ref cnt decremented to:0 Total VPN Peers:1

VPN Peer: ISAKMP: Deleted peer: ip:10.0.1.228/500 Total VPN peers:0

Please, tell me what is going wrong?

Labels:
0 Helpful
1 Reply 1

b_learoyd
Level 1
Level 1

‎09-15-2005 02:12 AM

try this link

http://www.rick-thompson.com/misc/vpn-notes.html

Barry.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents