Solved: VPN issue on Cisco 7206

imran_mo · ‎12-14-2007

Hi Experts,

We have a VPN setup between a Cisco 871 router and a Cisco 7206 VXR router.

The 7206 is a HUB location and the 871 is one of the spokes.

The 871 uses a DSL connection to connect to the internet.

Today we've been getting a large amount of logs on the 7206, logs are as below-

Dec 14 17:47:48.326 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from <IP> failed its sanity check or is malformed

Dec 14 17:48:57.078 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from <IP> failed its sanity check or is malformed

Dec 14 17:50:33.191 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from <IP> failed its sanity check or is malformed

Dec 14 17:51:47.383 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from <IP> failed its sanity check or is malformed.

Can someone advise if there may be a problem with the DSL connection or if this indicates something else.

mj11 · ‎12-16-2007

Hi Imran

Looking at the error message, The encryption keys on the two ends do not match. Check to make sure that the preshared keys are correctly configured

Regards MJ

View solution in original post

mj11 · ‎12-16-2007

Hi Imran

Looking at the error message, The encryption keys on the two ends do not match. Check to make sure that the preshared keys are correctly configured

Regards MJ

imran_mo · ‎12-17-2007

Hi,

I dont think thats the problem, because if the keys didnt match the tunnel would not come up at all. The tunnel is up but these logs are on the Hub router.

mj11 · ‎12-17-2007

Hi Imran

Are you able to confirm that traffic is going over the VPN? also what is the address in the error log is it from the peer.

Regards MJ

imran_mo · ‎12-19-2007

Hi MJ,

Sorry about earlier, it did turn out to be a Crypto Key issue. But I didnt understand how the tunnels were showing in QM_IDLE state een when the keys didnt match.

Anyway thanks for your help on this.

Regards,

Imran.