Hi!
Are the new 12.3 IOSes compatible with the older ones and the PIX OS?
When I trying to establish IPSec tunnel from the PIX 6.3(4) to the 12.3(9) IOS I constantly gets:
702208: ISAKMP Phase 1 exchange started (local 172.16.1.10 (initiator), remote 172.16.2.1)
702206: ISAKMP malformed payload received (local 172.16.1.10 (initiator), remote 172.16.2.1)
on the PIX side and:
*Mar 7 02:07:17.985 MSK: ISAKMP (0:3): atts are acceptable. Next payload is 0
*Mar 7 02:07:18.146 MSK: ISAKMP (0:3): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Mar 7 02:07:18.146 MSK: ISAKMP (0:3): Old State = IKE_R_MM1 New State = IKE_R_MM1
*Mar 7 02:07:18.150 MSK: ISAKMP: Error: payload length of VENDOR 0 < 4
*Mar 7 02:07:18.150 MSK: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 172.16.1.10 failed its sanity check or is malformed
on the IOS side. When the tunnel is initiated from the IOS side everything is ok. Also, I saw the same behaviour between 12.2(8)T and 12.3(9). Could anybody explain this?
Thx.