11-25-2003 12:42 PM - edited 02-21-2020 12:53 PM
Hi,
Unfortunately I had to configure a site-to-site VPN with the following characteristics:
- Encryption 3DES
- Hashing MD5
- Authentication Pre-Shared
- DH group 2
- Lifetime 7200
between a PIX515E (6.3(3)) and...a 3com Security Gateway...no way to pass IKE Phase I...the two peers are seeing each other and start to negotiate IKE. With PIX debugging I've seen the following error messages on PIX:
- ISAKMP: reserved not zero on payload 5!
- ISAKMP: malformed payload
on 3com it logs Router-ID failure...
Is it maybe a software bug???
On PIX I've also disabled the NAT-T feature!!!
Are these two devices interoperable???
Right now on PIX I've setup the isakmp identity as ADDRESS, should I use hostname or key-id ??
Thanks a lot
Omar
12-01-2003 06:36 AM
In the first place, I don't think they are interoperable.
Regds,
12-03-2003 01:01 AM
Could do with more of the Phase 1 debugging. I would suggest double-checking the pre-shared key as I have seen this message quite a few times when the key is not matching.
Alternatively post the full ISAKMP debug.
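Added example, not part of any post in this thread: in IKE main mode with pre-shared keys, the Identification payload (ISAKMP payload type 5) is encrypted with keys derived from the pre-shared key, so a key mismatch decrypts it to garbage that fails the header checks. The sketch below walks the RFC 2408 generic payload header over two constructed buffers; the function name, sample bytes and the exact checks are assumptions for illustration, not the PIX's own code.

```python
import struct

# ISAKMP payload type numbers (RFC 2408), subset seen in main mode message 5/6.
PAYLOAD_NAMES = {0: "NONE", 5: "ID", 8: "HASH"}

def walk_payloads(body: bytes, first_type: int):
    """Walk a decrypted ISAKMP payload chain; return (findings, errors)."""
    findings, errors = [], []
    offset, ptype = 0, first_type
    while ptype != 0:
        if offset + 4 > len(body):
            errors.append(f"payload {ptype}: truncated generic header")
            break
        # Generic header: next payload (1), RESERVED (1), payload length (2).
        next_type, reserved, length = struct.unpack_from("!BBH", body, offset)
        if reserved != 0:
            errors.append(f"reserved not zero on payload {ptype}")
        if length < 4 or offset + length > len(body):
            errors.append(f"payload {ptype}: bad length {length} (malformed payload)")
            break
        findings.append((PAYLOAD_NAMES.get(ptype, str(ptype)), length))
        offset, ptype = offset + length, next_type
    return findings, errors

# Constructed sample: correctly decrypted ID payload (ID_IPV4_ADDR, UDP/500,
# 192.0.2.1) followed by a HASH payload carrying 16 placeholder bytes (MD5 size).
GOOD = (bytes([8, 0, 0, 12, 1, 17, 0x01, 0xF4, 192, 0, 2, 1])
        + bytes([0, 0, 0, 20]) + bytes(range(16)))

# Constructed sample: arbitrary bytes standing in for what a decryption with
# the wrong key material produces (same 32-byte length as GOOD).
BAD = bytes.fromhex("9c4be1a7d2063f58") * 4

if __name__ == "__main__":
    for label, buf in (("matching key", GOOD), ("mismatched key", BAD)):
        found, errs = walk_payloads(buf, first_type=5)
        print(label, found, errs)
```
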
12-03-2003 01:28 AM
Hi,
Thanks for the reply...I've tried to use isakmp identity as hostname and key-id...but no way, things get worse...seeing that with these two my PIX doesn't state Malformed payload
We've checked the preshared key multiple times...and also changed it to abcd but no way!
My thought is to not use IKE...and define the preshared key manually...