
VPN site to site and IPsec problem

I have configured an IPsec tunnel from a PIX 506 to a PIX 515E.

The software version is 6.3.3.

The settings on both PIXes (isakmp policies, transform-set, crypto-map) are the same, but periodically the IPsec tunnel fails.

When the IPsec tunnel is down, the PIX 515 reports the following error

ISAKMP: illegal udp len

while the PIX 506 notices

IPSEC(validate_proposal): transform proposal (prot 3, trans 2, hmac_alg 1) not supported

ISAKMP (0): atts not acceptable. Next payload is 0

But the configuration on both PIXes has not changed; in fact, the IPsec tunnel comes back online after a short time, without any change.

Does anyone know what the message (illegal udp len) relates to?

Would very much appreciate anyone's help.

Many Thanks

B

1 Reply

aacole

Does this problem occur after the periodic P1 ISAKMP re-key process kicks off (24 hrs by default)? From `debug crypto isakmp', over what time interval does this occur?

The P1 rekey interval can be changed with the `isakmp policy 10 lifetime 86400' command.
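
One way to answer the question in the reply above from collected debug output, as an added example that is not part of the original thread: it measures how far each error event falls from a multiple of the P1 lifetime. The timestamp prefix, the tunnel start time, the tolerance and all function names are assumptions; the sample lines are constructed around the messages quoted in the question.

```python
import re
from datetime import datetime

P1_LIFETIME = 86400   # seconds, as in `isakmp policy 10 lifetime 86400`
TOLERANCE = 300       # assumed slack (seconds) around each rekey boundary
# Assumed: time the tunnel last came up, as noted by the operator.
SA_START = datetime(2004, 3, 1, 8, 0, 5)

# Constructed sample: the timestamp prefix is an assumed log format,
# the message texts are the ones quoted in the thread.
SAMPLE_LOG = """\
2004-03-02 08:00:41 ISAKMP: illegal udp len
2004-03-02 08:00:42 ISAKMP (0): atts not acceptable. Next payload is 0
2004-03-02 14:17:30 ISAKMP: illegal udp len
2004-03-03 08:01:10 IPSEC(validate_proposal): transform proposal (prot 3, trans 2, hmac_alg 1) not supported
"""

ERRORS = ("illegal udp len", "atts not acceptable", "transform proposal")
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")


def classify(log_text, sa_start, lifetime=P1_LIFETIME, tolerance=TOLERANCE):
    """Return (timestamp, seconds from nearest rekey boundary, near_rekey)."""
    results = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or not any(e in m.group(2) for e in ERRORS):
            continue  # not one of the error messages of interest
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        elapsed = (ts - sa_start).total_seconds()
        if elapsed < 0:
            continue  # logged before the tunnel came up
        k = round(elapsed / lifetime)          # nearest lifetime multiple
        offset = int(elapsed - k * lifetime)   # signed distance to it
        # k == 0 is the initial negotiation, not a rekey.
        results.append((m.group(1), offset, k >= 1 and abs(offset) <= tolerance))
    return results


def rekey_share(results):
    """Fraction of error events that fall near a rekey boundary."""
    return sum(1 for r in results if r[2]) / len(results) if results else 0.0


if __name__ == "__main__":
    rows = classify(SAMPLE_LOG, SA_START)
    for ts, offset, near in rows:
        print(f"{ts}  offset={offset:+d}s  near_rekey={near}")
    print(f"share near rekey: {rekey_share(rows):.2f}")
```

A high share supports the rekey explanation; events far from any boundary, like the third sample line, point elsewhere.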