03-14-2005 08:49 AM - edited 02-21-2020 01:39 PM
Hi,
We have got a Pix 515e running 6.3.4 connecting to a Checkpoint NG firewall. The tunnel works fine for a period but then we get the following errors in the isakmp log:
15:38:26.469 UTC Mon Mar 14 2005, peer xxx.xxx.xxx.xxx, MALFORMED_PAYLOAD
15:38:22.469 UTC Mon Mar 14 2005, peer xxx.xxx.xxx.xxx, MALFORMED_PAYLOAD
15:38:18.469 UTC Mon Mar 14 2005, peer xxx.xxx.xxx.xxx, MALFORMED_PAYLOAD
15:38:14.479 UTC Mon Mar 14 2005, peer xxx.xxx.xxx.xxx, MALFORMED_PAYLOAD
The remote site has a number of subnets; each is separately listed in the pix, and so the pix has a number of different SAs (one for each listed subnet). We are getting individual subnets failing every now and again but all the other subnets work without an issue. If I reset the isakmp and ipsec SAs the faulty subnet comes back up.
Does anyone have any suggestions?
Thanks
03-21-2005 07:13 AM
Apart from the syslog, does the pix itself throw some error ?
03-21-2005 08:11 AM
Unfortunately no,
I have checked the debugs and the SAs and it does not occur when the SA is renegotiated at all. In fact the IPSEC SA shows the data is still being encrypted and forwarded, it just does not arrive at the other end.
You can do a tracert to one ip and get good responses from all the way along the path and then ping something on the failed net and you don't get any responses at all.