Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
452
Views
0
Helpful
1
Replies

VPN connect problem with NCP Gateway

mkoenig
Level 1
Level 1

‎05-03-2004 11:31 PM - edited ‎02-21-2020 01:08 PM

Hello,

I'm not able to establish a vpn tunnel to a NCP vpn gateway.

I'm especially interested on the debug message: " ISAKMP: reserved not zero on payload 8!" - What does it mean?

Thank you in advance

M. König

Here is the debug output from my Pix 6.3.1:

(identity) local= ffmcif1_os, remote= lpk_os,

local_proxy= ffmz1_is/255.255.255.255/0/0 (type=1),

remote_proxy= lpk_ftp/255.255.255.255/0/0 (type=1)

ISAKMP (0): beginning Main Mode exchange

crypto_isakmp_process_block:src:lpk_os, dest:ffmcif1_os spt:500 dpt:500

OAK_MM exchange

ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 5 policy

ISAKMP: encryption 3DES-CBC

ISAKMP: hash SHA

ISAKMP: default group 2

ISAKMP: auth pre-share

ISAKMP: life type in seconds

ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80

ISAKMP (0): atts are acceptable. Next payload is 0

ISAKMP (0): processing vendor id payload

ISAKMP (0): received xauth v6 vendor id

ISAKMP (0): processing vendor id payload

ISAKMP (0): remote peer supports dead peer detection

ISAKMP (0): processing vendor id payload

ISAKMP (0): speaking to a Unity client

ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

return status is IKMP_NO_ERROR

crypto_isakmp_process_block:src:lpk_os, dest:ffmcif1_os spt:500 dpt:500

OAK_MM exchange

ISAKMP (0): processing KE payload. message ID = 0

ISAKMP (0): processing NONCE payload. message ID = 0

ISAKMP (0): ID payload

next-payload : 8

type : 1

protocol : 17

port : 500

length : 8

ISAKMP (0): Total payload length: 12

return status is IKMP_NO_ERROR

ISAKMP (0): retransmitting phase 1...

ISAKMP (0): retransmitting phase 1...

crypto_isakmp_process_block:src:lpk_os, dest:ffmcif1_os spt:500 dpt:500

ISAKMP: reserved not zero on payload 8!

ISAKMP (0): deleting SA: src ffmcif1_os, dst lpk_os

ISADB: reaper checking SA 0x3596154, conn_id = 0

ISADB: reaper checking SA 0x35a0a34, conn_id = 0

ISADB: reaper checking SA 0x3541534, conn_id = 0

ISADB: reaper checking SA 0x2d0e054, conn_id = 0

ISADB: reaper checking SA 0x2d07f44, conn_id = 0

ISADB: reaper checking SA 0x3599104, conn_id = 0

ISADB: reaper checking SA 0x353194c, conn_id = 0

ISADB: reaper checking SA 0x2d0721c, conn_id = 0

ISADB: reaper checking SA 0x359e734, conn_id = 0

ISADB: reaper checking SA 0x353cf64, conn_id = 0

ISADB: reaper checking SA 0x35a4424, conn_id = 0 DELETE IT!

VPN Peer:ISAKMP: Peer Info for lpk_os/500 not found - peers:17

ISADB: reaper checking SA 0x3596154, conn_id = 0

Labels:
0 Helpful
1 Reply 1

owillins
Level 6
Level 6

‎05-10-2004 06:17 AM

The statement: ISAKMP: "reserved not zero on payload 8! " generally refers to a pre-shared key mismatch. Looks like you pre-shared key is not right. Try and unapply the crypto map and the isakmp of the interface, remove the preshared key, and re-enter it again, then reapply the crypto map and isakmp on the interface, clear the sa and then reinitiate the tunnel. This should work.

0 Helpful
Customers Also Viewed These Support Documents