Pix IPSec-VPN fails with "reserved not zero on payload 11"

richard.lind
Level 1

Hi,

I need to establish an IPSec VPN connection between our PIX 515 firewall (6.3.3) and a security gateway from SAP. The parameters used are ESP 3DES MD5 Diffie-Hellman Group 2 with pre-shared key.

IKE fails with these debug messages:

ISAKMP: reserved not zero on payload 11!

ISAKMP: malformed payload

I didn't find any information about these error messages, especially payload 11.

Do you know where I can find more information about that?

Best regards,

Richard Lind

mailto:richard.lind@meiller.com

The "sh isakmp sa detail" command reports:

Total     : 1
Embryonic : 1

Local              Remote             Encr  Hash  Auth  State        Lifetime
FXM-FW_host_g:500  SAP-FW_host_g:500  3des  md5   psk   MM_KEY_EXCH  7172

The complete "debug crypto isakmp"-log is attached ...

2 Replies

gfullage
Cisco Employee

This message usually indicates your pre-shared keys are not matching on both peers. Re-enter your keys on both sides, and make sure you don't cut/paste them in, because this can leave blank spaces at the end which the PIX will treat as part of the key. Type them in manually and see how you go.

Thanks a lot, the problem was the preshared-key ...;-)))

Regards,

Richard Lind
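
Added example (not part of the original thread, and not Cisco code): why one trailing space in a pasted pre-shared key is enough to break the exchange. With pre-shared-key authentication, RFC 2409 derives the key that encrypts main-mode messages 5 and 6 from the pre-shared key, so peers whose keys differ by a single space derive different 3DES keys and each side's encrypted payloads decrypt to garbage on the other. The nonces, cookies, DH secret and key strings below are constructed sample values, and `key_hygiene` and `peers_agree` are hypothetical helpers.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    # RFC 2409: with no prf negotiated, use HMAC of the negotiated hash (MD5 here).
    return hmac.new(key, data, hashlib.md5).digest()

def ike_3des_key(psk: bytes, ni: bytes, nr: bytes, gxy: bytes,
                 cky_i: bytes, cky_r: bytes) -> bytes:
    """Derive the 24-byte 3DES key protecting main-mode messages 5 and 6."""
    skeyid = prf(psk, ni + nr)                      # pre-shared-key authentication
    tail = gxy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")
    # MD5 output (16 bytes) is shorter than a 3DES key (24), so expand it
    # as in RFC 2409 Appendix B: K1 = prf(SKEYID_e, 0), K2 = prf(SKEYID_e, K1).
    k1 = prf(skeyid_e, b"\x00")
    k2 = prf(skeyid_e, k1)
    return (k1 + k2)[:24]

def key_hygiene(psk: str) -> list:
    """Hypothetical pre-flight check for a key about to be entered on a peer."""
    problems = []
    if psk != psk.strip():
        problems.append("leading or trailing whitespace")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in psk):
        problems.append("control character")
    if not psk.isascii():
        problems.append("non-ASCII character")
    return problems

# Constructed sample exchange values (not from a real capture).
NI, NR = bytes(range(16)), bytes(range(16, 32))
GXY = hashlib.sha256(b"constructed g^xy").digest() * 4   # 128 bytes, Group 2 size
CKY_I, CKY_R = b"\x11" * 8, b"\x22" * 8

def peers_agree(psk_a: str, psk_b: str) -> bool:
    """True when both peers would derive the same encryption key."""
    derive = lambda k: ike_3des_key(k.encode(), NI, NR, GXY, CKY_I, CKY_R)
    return hmac.compare_digest(derive(psk_a), derive(psk_b))

if __name__ == "__main__":
    typed, pasted = "Example-PSK-123", "Example-PSK-123 "   # constructed keys
    print("typed key problems :", key_hygiene(typed))
    print("pasted key problems:", key_hygiene(pasted))
    print("same 3DES key      :", peers_agree(typed, pasted))
```

Running the hygiene check on a key before it is entered on either peer catches the paste artifact without having to read IKE debug output.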