Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
603
Views
0
Helpful
4
Replies

VPN Tunnel question

mary_odriscoll
Level 1
Level 1

‎07-10-2004 06:26 AM

Dear all

I have a problem with a vpn configuration at the moment. Sita A connects via VPN to NMCPIX and Site B connects via VPN to NMCPIX. When I enable debug isakmp and ipsec on NMCPIX and start off icmp packets to test connectivity over both VPN's(icmp is allowed), NMCPIX will respond to ISAKMP queries from Site A but will not respond to IPSEC SA queries from SiteA and SiteB is totally isolated.

I will eventually get errors on NMCPIX such as

"ISAKMP: reserved not zero on payload 8!

ISAKMP: malformed payload"

I have spent hours troubleshooting and I would appreciate any help

TIA

Mary

Labels:
0 Helpful
4 Replies 4

jmia
Level 7
Level 7

‎07-11-2004 11:22 PM

Mary,

The first error:"ISAKMP: reserved not zero on payload 8!

Indicates that the ISAKMP Keys do not match, try rekeying the ISAKMP.

The other eror: ISAKMP: malformed payload, indicates pre-shared keys on peers do not match. Check the pre-shared keys on all peers. Did you notice any "sanity check error" ?

PS. on a side note, do you work in C&W DNS?

Jay

0 Helpful

jmia
Level 7
Level 7

‎07-11-2004 11:22 PM

Mary,

The first error:"ISAKMP: reserved not zero on payload 8!

Indicates that the ISAKMP Keys do not match, try rekeying the ISAKMP.

The other eror: ISAKMP: malformed payload, indicates pre-shared keys on peers do not match. Check the pre-shared keys on all peers. Did you notice any "sanity check error" ?

PS. on a side note, do you work in C&W DNS?

Jay

0 Helpful

wisfaque
Level 1
Level 1

‎07-12-2004 02:13 AM

Hello Mary

I agree that the keys do not macth. But also to be doubly sure check the transform sets on both sites also.

Thanks

Wakif

0 Helpful

mary_odriscoll
Level 1
Level 1
In response to wisfaque

‎07-12-2004 06:30 AM

Wakif/Jay

Thanks for the assistance. The isakmp, transform sets and pre-shared secret were all correct so I had to delete the 2 VPN's and recreate. As soon as I did that both VPN's are now working. However, while my icmp tests are successful, I am still getting these errors :-

ISAKMP: reserved not zero on payload 8!

ISAKMP: malformed payload

even though my ip tests are successful. Any ideas ?

TIA

Mary ( not of C+W DNS but C+W Ireland_

0 Helpful
Customers Also Viewed These Support Documents