Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPSEC VPN : malformed payload

Hi,

Unfortunately I had to configure VPN site-site with the following caracteristics:

- Encryption 3DES

- Hashing MD5

- Authentication Pre-Shared

- DH group 2

- Lifetime 7200

between a PIX515E (6.3(3)) and...a 3com Security Gateway...no way to pass IKE Phase I...the two peers are seeing each other and start to negotiate IKE. With PIX debugging I've seen the following error messages on PIX:

- ISAKMP: reserved not zero on payload 5!

- ISAKMP: malformed payload

on 3com it logs Router-ID failure...

Is maybe a software Bug ???

On PIX I've also disable the NAT-T feature !!!

Are these two device interoperable???

Right now on PIX I've setup the isakmp identity as ADDRESS, should I use hostname or key-id ??

Thanks a lot

Omar

3 REPLIES
New Member

Re: IPSEC VPN : malformed payload

In the first place, I don't think so they are interoperable.

Regds,

Hall of Fame Super Blue

Re: IPSEC VPN : malformed payload

Could do with more of the Phase 1 debugging. I would suggest double-checking the pre-shared key as i have seen this message quite a few times when the key is not matching.

Alternatively post the full ISAKMP debug.

New Member

Re: IPSEC VPN : malformed payload

Hi,

Thanks for the reply...I've tried to use isakmp identity as hostname and key-id...but no way the thigs get worst..seeing that with these two my PIX doesn't state Malformed payload

We've checking more times the preshared...and also changed to abcd but no way!

My thought is to not to use ike...and define manually the presahred key...

2290
Views
0
Helpful
3
Replies
CreatePlease to create content