Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1122
Views
0
Helpful
1
Replies

ISAKMP: reserved not zero on payload 5

tonygauderman
Level 1
Level 1

‎09-19-2002 08:16 AM - edited ‎03-09-2019 12:22 AM

I have a PIX 506, trying to establish a tunnel to a Netscreen Model 50. When trying to bring the tunnel up, Phase 1 comes up fine, but get

ISAKMP: reserved not zero on payload 5

in phase 2. Eventually, the tunnel comes up, after 4 or 5 minutes, and 4 or 5 thousand ping packets. When it's coming up, if you do a "show crypto isakmp sa" it shows additional sa's keep adding for the same peer. They are all in state QM_IDLE. Eventually, the VPN starts to work, but a number of the sa's remain. Typically, around 35 are present by the time the VPN comes up, and 15 to 20 remain after it's up. We are using group 2, 3DES, MD5.

Labels:
0 Helpful
1 Reply 1

afakhan
Level 4
Level 4

‎09-19-2002 01:24 PM

Please make sure that you have matching pre-shared key on the two sides, and for inter-op issues you can make sure that two sides have one iskamp/ipsec transfor-sets configured, and lifetimes for SAs matches as well.

thanks,

Afaq

0 Helpful
Customers Also Viewed These Support Documents