03-10-2004 05:29 AM - edited 02-21-2020 01:03 PM
Hi,
i need to establish a IPSec-VPN-connection between our PIX 515 firewall (6.3.3) and a security gateway from SAP. Used parameters ar ESP 3DES MD5 Diffie-Hellman Group 2 with pre-shared key.
The IKE fails with the debug-messages:
ISAKMP: reserved not zero on payload 11!
ISAKMP: malformed payload
I didn't find any information about this error-messages, especially payload 11.
Do you know where i can find more information about that ?
Best regards,
Richard Lind
mailto:richard.lind@meiller.com
The "sh isakmp sa detail"-command reports:
Total : 1
Embryonic : 1
Local Remote Encr Hash Auth State Lifetime
FXM-FW_host_g:500 SAP-FW_host_g:500 3des md5 psk MM_KEY_EXCH 7172
The complete "debug crypto isakmp"-log is attached ...
03-10-2004 08:15 PM
This message usually indicates your pre-shared keys are no matching on both peers. Re-enter your keys on both sides, make sure you don't cut/paste them in cause this can leave blank spaces at the end which the PIX will treat as part of the key. Type them in manually and see how you go.
03-13-2004 02:24 PM
Thank's a lot, the problem was the preshared-key ...;-)))
Regards,
Richard Lind
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide