Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ISAKMP: reserved not zero on payload 5!

I'm trying to establish a VPN with a PIX 515E using a Solaris 9


The Solaris client is the initiator, The phase 1 IKE

exchange fails , the PIX does not like something

in the 5th packet in main mode. I got this from

the PIX debug log:

ISAKMP: reserved not zero on payload 5!

What does this mean ?

This is using native Solaris IPsec, preshared keys.

Cisco software version 6.1


Re: ISAKMP: reserved not zero on payload 5!


It means you need to re-enter preshared keys on the two sides.



New Member

Re: ISAKMP: reserved not zero on payload 5!

Hello Afaq,

This helped - actually the problem was Solaris uses preshared

keys in hex, Cisco uses ASCII :-)

I still get this message, but the negotiation gets further this time

despite the above error. The failure point is now in phase 2:

IPSEC(validate_transform_proposal): invalid local address x.x.x.x

Where x.x.x.x is the IP address of the PIX

I saw an article on your website which mentioned this - I need

to use:

crypto map map-name local-address interface-id

The documentation does not cover this command ( unless

I overlooked it )

Thanks again.

Cisco Employee

Re: ISAKMP: reserved not zero on payload 5!

This is usually a fairly generic error when it comes to the PIX. The "local-address" command you're referring to is an IOS router command, not a PIX command, so that's why you're not seeing it.

Check your transforms, ACL's, etc on both sides, make sure they match properly.