Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix IPSec-VPN fails with "reserved not zero on payload 11"


i need to establish a IPSec-VPN-connection between our PIX 515 firewall (6.3.3) and a security gateway from SAP. Used parameters ar ESP 3DES MD5 Diffie-Hellman Group 2 with pre-shared key.

The IKE fails with the debug-messages:

ISAKMP: reserved not zero on payload 11!

ISAKMP: malformed payload

I didn't find any information about this error-messages, especially payload 11.

Do you know where i can find more information about that ?

Best regards,

Richard Lind

The "sh isakmp sa detail"-command reports:

Total : 1

Embryonic : 1

Local Remote Encr Hash Auth State Lifetime

FXM-FW_host_g:500 SAP-FW_host_g:500 3des md5 psk MM_KEY_EXCH 7172

The complete "debug crypto isakmp"-log is attached ...

Cisco Employee

Re: Pix IPSec-VPN fails with "reserved not zero on payload 11"

This message usually indicates your pre-shared keys are no matching on both peers. Re-enter your keys on both sides, make sure you don't cut/paste them in cause this can leave blank spaces at the end which the PIX will treat as part of the key. Type them in manually and see how you go.

New Member

Re: Pix IPSec-VPN fails with "reserved not zero on payload 11"

Thank's a lot, the problem was the preshared-key ...;-)))


Richard Lind

CreatePlease login to create content