12-14-2007 04:19 PM - edited 02-21-2020 03:26 PM
Hi Experts,
We have a VPN setup between a Cisco 871 router and a Cisco 7206 VXR router.
The 7206 is a HUB location and the 871 is one of the spokes.
The 871 uses a DSL connection to connect to the internet.
Today we've been getting a large amount of logs on the 7206, logs are as below-
Dec 14 17:47:48.326 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from <IP> failed its sanity check or is malformed
Dec 14 17:48:57.078 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from <IP> failed its sanity check or is malformed
Dec 14 17:50:33.191 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from <IP> failed its sanity check or is malformed
Dec 14 17:51:47.383 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from <IP> failed its sanity check or is malformed.
Can someone advise if there may be a problem with the DSL connection or if this indicates something else.
Solved! Go to Solution.
12-16-2007 07:48 AM
Hi Imran
Looking at the error message, The encryption keys on the two ends do not match. Check to make sure that the preshared keys are correctly configured
Regards MJ
12-16-2007 07:48 AM
Hi Imran
Looking at the error message, The encryption keys on the two ends do not match. Check to make sure that the preshared keys are correctly configured
Regards MJ
12-17-2007 06:00 AM
Hi,
I dont think thats the problem, because if the keys didnt match the tunnel would not come up at all. The tunnel is up but these logs are on the Hub router.
12-17-2007 10:12 AM
Hi Imran
Are you able to confirm that traffic is going over the VPN? also what is the address in the error log is it from the peer.
Regards MJ
12-19-2007 10:31 AM
Hi MJ,
Sorry about earlier, it did turn out to be a Crypto Key issue. But I didnt understand how the tunnels were showing in QM_IDLE state een when the keys didnt match.
Anyway thanks for your help on this.
Regards,
Imran.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: