03-22-2006 05:31 AM - edited 02-21-2020 02:19 PM
Hello,
The following message apears on a syslog server: "%CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 10.77.77.76 failed its sanity check or is malformed". The message arrives from a router with ipsec tunnel connections. Although this message apears prety often, we do not experience disconnections. Is that a real problem? If yes could you pls help me understand and solve the problem? attached the configuration of the remote site (with loopback 10.77.77.76)
ThanksInAdvance,
Yardena
03-28-2006 07:45 AM
Here is the explaination from Cisco for this error message:
A quick verification check is done on all received ISAKMP messages to ensure that all component payload types are valid and that the sum of their individual lengths equals the total length of the received message. This message indicates a failed verification check. Persistently bad messages could mean a denial-of-service attack or bad decryption.
03-28-2006 11:30 AM
Hello,
It seems to be a preshared mismatch. Make sure they are both the same. Remember if you are going to make a change you need to disable the crypto map on the interface, make the changes and then enable it back. Changes made without following these steps might not work properly.
http://www.boerderie.com/VPNdebugging.html#cisco
Let me know if it helps.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide