ISAKMP: received illegal hdr.len 16 < sizeof(isakmp_hdr) 28

PIX running version 6.3(5) with 128 MB. I was paged at 4am this morning for a problem with one of our partners, BRAZIN, that goes through the PIX. I ran debugs, and the below is the only error that came up:

crypto_isakmp_process_block:src:203.58.207.135, dest:203.5.136.138 spt:500 dpt:4500

ISAKMP: received illegal hdr.len 16 < sizeof(isakmp_hdr) 28

crypto_isakmp_process_block:src:203.58.207.135, dest:203.5.136.138 spt:500 dpt:4500

ISAKMP: received illegal hdr.len 16 < sizeof(isakmp_hdr) 28

crypto_isakmp_process_block:src:203.58.207.135, dest:203.5.136.138 spt:500 dpt:4500

ISAKMP: received illegal hdr.len 16 < sizeof(isakmp_hdr) 28

crypto_isakmp_process_block:src:203.58.207.135, dest:203.5.136.138 spt:500 dpt:4500

ISAKMP: received illegal hdr.len 16 < sizeof(isakmp_hdr) 28

crypto_isakmp_process_block:src:203.58.207.135, dest:203.5.136.138 spt:500 dpt:4500

ISAKMP: received illegal hdr.len 16 < sizeof(isakmp_hdr) 28

crypto_isakmp_process_block:src:203.58.207.135, dest:203.5.136.138 spt:500 dpt:4500

ISAKMP: received illegal hdr.len 16 < sizeof(isakmp_hdr) 28

crypto_isakmp_process_block:src:203.58.207.135, dest:203.5.136.138 spt:500 dpt:4500

ISAKMP: received illegal hdr.len 16 < sizeof(isakmp_hdr) 28

The tunnel was up, but phase 2 was not established and there were no SAs for Brazin. I could ping all the other peers for the other partners but not Brazin's peer, which makes me suspect the issue may have been at the other end.

I would like to know what the above error messages mean. I tried to find it on the Cisco website, to no avail.


Re: ISAKMP: received illegal hdr.len 16 < sizeof(isakmp_hdr) 28

I remember a bug that was related to this kind of issue, but that is supposed to have been fixed in 6.3(5). Did you try disabling and enabling the ISAKMP on the interface?

Was there any NAT device introduced between the PIX and the remote end? I see NAT traversal (UDP Port 4500) being enabled.
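
Added example, not part of either post and not PIX code: a sketch of the length check the debug line appears to report, assuming `hdr.len` is the length field of the 28-byte ISAKMP header (RFC 2408) and that IKE on UDP 4500 carries the four-byte non-ESP marker (RFC 3948). The function names and sample packets are constructed for illustration.

```python
import struct

ISAKMP_HDR_LEN = 28            # RFC 2408 fixed header: 8+8 cookies, 4 x 1 byte, 4 msg ID, 4 length
NON_ESP_MARKER = b"\x00" * 4   # RFC 3948: four zero bytes precede IKE on UDP 4500
HDR_FMT = "!8s8sBBBBII"        # network byte order, no padding: 28 bytes

def check_isakmp(udp_payload, dst_port):
    """Classify one UDP payload received on port 500 or 4500; returns (ok, reason)."""
    data = udp_payload
    if dst_port == 4500:
        if data == b"\xff":
            return False, "NAT-T keepalive, not ISAKMP"
        if data[:4] != NON_ESP_MARKER:
            return False, "no non-ESP marker: ESP-in-UDP, not ISAKMP"
        data = data[4:]        # strip the marker before parsing the header
    if len(data) < ISAKMP_HDR_LEN:
        return False, f"truncated: {len(data)} bytes < {ISAKMP_HDR_LEN}"
    fields = struct.unpack(HDR_FMT, data[:ISAKMP_HDR_LEN])
    hdr_len = fields[-1]       # total message length claimed by the sender
    if hdr_len < ISAKMP_HDR_LEN:
        return False, f"illegal hdr.len {hdr_len} < sizeof(isakmp_hdr) {ISAKMP_HDR_LEN}"
    if hdr_len != len(data):
        return False, f"hdr.len {hdr_len} != datagram length {len(data)}"
    return True, "ok"

def build_header(length_field):
    """Constructed sample: IKEv1 main-mode header with no payloads."""
    return struct.pack(HDR_FMT, b"\x11" * 8, b"\x00" * 8, 0, 0x10, 2, 0, 0, length_field)

if __name__ == "__main__":
    # Constructed inputs, not captures from the thread.
    samples = [
        ("valid on 500", build_header(28), 500),
        ("valid on 4500", NON_ESP_MARKER + build_header(28), 4500),
        ("length field 16", NON_ESP_MARKER + build_header(16), 4500),
        ("no marker on 4500", build_header(28), 4500),
        ("keepalive", b"\xff", 4500),
    ]
    for name, payload, port in samples:
        print(f"{name:18} -> {check_isakmp(payload, port)}")
```
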
