11-04-2002 06:31 AM - edited 03-09-2019 12:55 AM
-- *Cisco Moderator edited this post. All public IP addresses have been changed to nnn.xxx.yyy and nnn.zzz.yyy to mask the actual public network and configuration in this public forum. Please refrain from posting actual IP addresses to reduce security risks involved. --
PC (SSH Sentinel) ----> WEB ----> DSL500 ADSL ----> Cisco 1710 --- Internal LAN
Has anyone come across this error message during initiation of an IPSec SA? Under laboratory conditions the tunnel establishes all OK, but using an ADSL D-Link DSL500 modem set for NAT/PAT and so-called built-in VPN forwarding, the key exchange works but the protocol gets stuck.
Several other mentions on the web regarding this problem, but nothing on CCO.
00:04:56: ISAKMP (0:1): processing KE payload. message ID = 0
00:04:56: ISAKMP (0:1): processing NONCE payload. message ID = 0
00:04:56: ISAKMP (0:1): found peer pre-shared key matching *nnn.zzz.yyy.5
00:04:56: ISAKMP (0:1): SKEYID state generated
00:04:56: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Old State = IKE_R_MM3 New State = IKE_R_MM3
00:04:56: ISAKMP (0:1): sending packet to *nnn.zzz.yyy.5 (R) MM_KEY_EXCH
00:04:56: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Old State = IKE_R_MM3 New State = IKE_R_MM4
00:04:57: ISAKMP (0:1): received packet from *nnn.zzz.yyy.5 (R) MM_KEY_EXCH
00:04:57: ISAKMP: reserved not zero on ID payload!
00:04:57: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from *nnn.xxx.yyy.5 failed its sanity check or is malformed
11-11-2002 02:21 PM
Seems like a known bug which has been resolved in IOS version 12.2. Try using 12.2.
11-11-2002 03:42 PM
Message to moderator: IP addresses were set as bogus before posting.
Found the problem to be the result of an incorrect copy/paste of the password.
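Added example (not part of the thread and not Cisco code): why a mistyped pre-shared key shows up as a malformed ID payload rather than as an authentication error. In IKEv1 main mode (RFC 2409) the encryption key for message 5 is derived from the pre-shared key, so a responder holding a different key decrypts the ID payload to garbage and its RESERVED/length check fails. Assumptions: HMAC-SHA1 as the prf, an XOR keystream standing in for the negotiated CBC cipher, constructed nonces, cookies and keys, and hypothetical function names.

```python
import hashlib
import hmac
import struct

def prf(key: bytes, data: bytes) -> bytes:
    """RFC 2409 prf: HMAC of the negotiated hash (SHA-1 assumed here)."""
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_e(psk, ni, nr, gxy, cky_i, cky_r):
    """Derive SKEYID_e for pre-shared-key authentication (RFC 2409, section 5)."""
    skeyid = prf(psk, ni + nr)
    tail = gxy + cky_i + cky_r
    d = prf(skeyid, tail + b"\x00")
    a = prf(skeyid, d + tail + b"\x01")
    return prf(skeyid, a + tail + b"\x02")

def xor_stream(key, data):
    """Stand-in cipher (NOT IKE's CBC): XOR with an HMAC-derived keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += prf(key, struct.pack(">I", counter))
        counter += 1
    return bytes(x ^ y for x, y in zip(data, stream))

def id_payload(ipv4: bytes) -> bytes:
    """ISAKMP ID payload: next payload, RESERVED, length, ID type, proto, port, data."""
    body = struct.pack(">BBH", 1, 0, 0) + ipv4  # ID_IPV4_ADDR, protocol 0, port 0
    return struct.pack(">BBH", 8, 0, 4 + len(body)) + body  # next payload 8 = HASH

def sanity_check(payload: bytes) -> bool:
    """Receiver-side check: RESERVED must be zero and the length must match."""
    _next, reserved, length = struct.unpack(">BBH", payload[:4])
    return reserved == 0 and length == len(payload)

# Constructed sample values; a real exchange uses random nonces and cookies.
NI, NR, GXY = b"N" * 16, b"R" * 16, b"G" * 96
CKY_I, CKY_R = b"I" * 8, b"C" * 8

def responder_accepts(initiator_psk: bytes, responder_psk: bytes) -> bool:
    """Encrypt message 5's ID payload with one key, decrypt and check with the other."""
    wire = xor_stream(skeyid_e(initiator_psk, NI, NR, GXY, CKY_I, CKY_R),
                      id_payload(bytes([192, 0, 2, 5])))
    clear = xor_stream(skeyid_e(responder_psk, NI, NR, GXY, CKY_I, CKY_R), wire)
    return sanity_check(clear)

if __name__ == "__main__":
    print(responder_accepts(b"s3cret", b"s3cret"))   # both ends hold the same key
    print(responder_accepts(b"s3cret ", b"s3cret"))  # trailing space from a paste
```

The "found peer pre-shared key matching" debug line only means a key is configured for that peer address; the key's value is first exercised when message 5 is decrypted.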