LAN-to-LAN Dynamic VPN between PIX515E and BeWAN 6004
I'm trying to establish a VPN tunnel in dynamic mode between a PIX515E rel 6.3(1) and a BeWAN 6004. I need dynamic mode because the BeWAN is connected to a provider that is delivering his IP address when coming on line via the ADSL line.
The ISAKMP stucks in this state : MM_KEY_EXCH
I've seen the message : ISAKMP: reserved not zero on payload 5!
This usually indicates a problem with the key, but i've re-created a new key on both sides and rebooted the boxes.
I have tried a static configuration by watching the attributed IP address of the BeWAN and in this case it works !
Here is a sample debug ouput taken from the PIX in dynamic mode :
Re: LAN-to-LAN Dynamic VPN between PIX515E and BeWAN 6004
Should work in dynamic mode. You're correct in stating that the "reserved not zero on payload" usually means the ISAKMP key is wrong, or at least they differ on both sides. For dynamic mode you'll have a line in your config something like:
> isakmp key address 0.0.0.0
so make sure this is the key that you're changing. Other than that, can you post the config (xxxx out your passwords and IP addresses), maybe there's something in there. Can you get any debugs from the other side?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :