
Reserved not zero on ID payload

howard.cisco
Level 1

-- *Cisco Moderator edited this post. All public IP addresses have been changed to nnn.xxx.yyy and nnn.zzz.yyy to mask the actual public network and configuration in this public forum. Please refrain from posting actual IP addresses to reduce security risks involved. --

PC (SSH Sentinel) ----> WEB ----> DSL500 ADSL ----> Cisco 1710 --- Internal LAN

Has anyone come across this error message during initiation of an IPSec SA? Under laboratory conditions the tunnel establishes all OK, but using an ADSL D-Link DSL500 modem set for NAT/PAT and so-called built-in VPN forwarding, the key exchange works but the protocol gets stuck.

There are several other mentions on the web regarding this problem, but nothing on CCO.

00:04:56: ISAKMP (0:1): processing KE payload. message ID = 0

00:04:56: ISAKMP (0:1): processing NONCE payload. message ID = 0

00:04:56: ISAKMP (0:1): found peer pre-shared key matching *nnn.zzz.yyy.5

00:04:56: ISAKMP (0:1): SKEYID state generated

00:04:56: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

Old State = IKE_R_MM3 New State = IKE_R_MM3

00:04:56: ISAKMP (0:1): sending packet to *nnn.zzz.yyy.5 (R) MM_KEY_EXCH

00:04:56: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

Old State = IKE_R_MM3 New State = IKE_R_MM4

00:04:57: ISAKMP (0:1): received packet from *nnn.zzz.yyy.5 (R) MM_KEY_EXCH

00:04:57: ISAKMP: reserved not zero on ID payload!

00:04:57: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from *nnn.xxx.yyy.5 failed its sanity check or is malformed

2 Replies

s-doyle
Level 3

Seems like a known bug which has been resolved in IOS version 12.2; try using 12.2.

howard.cisco
Level 1

Message to moderator: IP addresses were set as bogus before posting.

Found the problem to be the result of an incorrect copy/paste of the password.
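
Added example, not part of the original thread and not Cisco code: why a mistyped pre-shared key, the cause found in the last reply, shows up as a malformed ID payload when the responder decrypts the fifth main-mode message. The key chain follows RFC 2409 with HMAC-SHA1 assumed as the hash; the nonces, cookies, DH secret, key strings, and the HMAC keystream standing in for the negotiated CBC cipher are constructed for illustration, and only the ID payload (not the HASH that follows it) is modelled.

```python
import hashlib, hmac, struct

def prf(key, data):
    # IKEv1 prf, assuming HMAC-SHA1 was the negotiated hash
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_e(psk, ni, nr, gxy, cky_i, cky_r):
    # RFC 2409 section 5 key chain for pre-shared-key authentication
    skeyid = prf(psk, ni + nr)
    tail = gxy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    return prf(skeyid, skeyid_a + tail + b"\x02")

def stand_in_cipher(key, data):
    # Assumption: HMAC counter keystream XOR replaces the negotiated CBC
    # cipher so the example needs only the standard library.
    blocks = len(data) // 20 + 1
    stream = b"".join(prf(key, struct.pack(">I", i)) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def id_payload(ipv4):
    # RFC 2408 generic header (next payload, RESERVED, length), then
    # ID type 1 = ID_IPV4_ADDR, protocol 0, port 0, and the address.
    body = struct.pack(">BBH", 1, 0, 0) + ipv4
    return struct.pack(">BBH", 8, 0, 4 + len(body)) + body  # 8 = HASH follows

def sanity_check(plain):
    # The checks a receiver can make on the decrypted ID payload.
    _next, reserved, length = struct.unpack(">BBH", plain[:4])
    problems = []
    if reserved != 0:
        problems.append("reserved not zero on ID payload")
    if length != len(plain):
        problems.append("payload length mismatch")
    return problems

def responder_checks_mm5(initiator_psk, responder_psk):
    # Constructed exchange values; both peers agree on all of them.
    shared = (b"\x11" * 16, b"\x22" * 16, b"\x33" * 96, b"\x44" * 8, b"\x55" * 8)
    wire = stand_in_cipher(skeyid_e(initiator_psk, *shared),
                           id_payload(bytes([192, 0, 2, 5])))
    return sanity_check(stand_in_cipher(skeyid_e(responder_psk, *shared), wire))

if __name__ == "__main__":
    print(responder_checks_mm5(b"Example-PSK", b"Example-PSK"))   # matching keys
    print(responder_checks_mm5(b"Example-PSK ", b"Example-PSK"))  # pasted with a trailing space
```

With matching keys the function returns an empty list. With a mismatched key the decrypted header is effectively random, so the reserved byte is non-zero in roughly 255 of 256 exchanges and the message fails its sanity check.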