05-03-2004 11:31 PM - edited 02-21-2020 01:08 PM
Hello,
I'm not able to establish a vpn tunnel to a NCP vpn gateway.
I'm especially interested on the debug message: " ISAKMP: reserved not zero on payload 8!" - What does it mean?
Thank you in advance
M. König
Here is the debug output from my Pix 6.3.1:
(identity) local= ffmcif1_os, remote= lpk_os,
local_proxy= ffmz1_is/255.255.255.255/0/0 (type=1),
remote_proxy= lpk_ftp/255.255.255.255/0/0 (type=1)
ISAKMP (0): beginning Main Mode exchange
crypto_isakmp_process_block:src:lpk_os, dest:ffmcif1_os spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0
ISAKMP (0): Checking ISAKMP transform 1 against priority 5 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): processing vendor id payload
ISAKMP (0): received xauth v6 vendor id
ISAKMP (0): processing vendor id payload
ISAKMP (0): remote peer supports dead peer detection
ISAKMP (0): processing vendor id payload
ISAKMP (0): speaking to a Unity client
ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:lpk_os, dest:ffmcif1_os spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0
ISAKMP (0): processing NONCE payload. message ID = 0
ISAKMP (0): ID payload
next-payload : 8
type : 1
protocol : 17
port : 500
length : 8
ISAKMP (0): Total payload length: 12
return status is IKMP_NO_ERROR
ISAKMP (0): retransmitting phase 1...
ISAKMP (0): retransmitting phase 1...
crypto_isakmp_process_block:src:lpk_os, dest:ffmcif1_os spt:500 dpt:500
ISAKMP: reserved not zero on payload 8!
ISAKMP (0): deleting SA: src ffmcif1_os, dst lpk_os
ISADB: reaper checking SA 0x3596154, conn_id = 0
ISADB: reaper checking SA 0x35a0a34, conn_id = 0
ISADB: reaper checking SA 0x3541534, conn_id = 0
ISADB: reaper checking SA 0x2d0e054, conn_id = 0
ISADB: reaper checking SA 0x2d07f44, conn_id = 0
ISADB: reaper checking SA 0x3599104, conn_id = 0
ISADB: reaper checking SA 0x353194c, conn_id = 0
ISADB: reaper checking SA 0x2d0721c, conn_id = 0
ISADB: reaper checking SA 0x359e734, conn_id = 0
ISADB: reaper checking SA 0x353cf64, conn_id = 0
ISADB: reaper checking SA 0x35a4424, conn_id = 0 DELETE IT!
VPN Peer:ISAKMP: Peer Info for lpk_os/500 not found - peers:17
ISADB: reaper checking SA 0x3596154, conn_id = 0
05-10-2004 06:17 AM
The statement: ISAKMP: "reserved not zero on payload 8! " generally refers to a pre-shared key mismatch. Looks like you pre-shared key is not right. Try and unapply the crypto map and the isakmp of the interface, remove the preshared key, and re-enter it again, then reapply the crypto map and isakmp on the interface, clear the sa and then reinitiate the tunnel. This should work.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide