Hi Everyone, I have a lab with (3) 2500series routers IOS 12.2. Have setup an ipsec vpn between the far side routers, but the ipsec sa is not establishing. After debugging isakmp to see if they establish phase 1, I get the following error:
03:52:45: ISAKMP: reserved not zero on ID payload!
03:52:45: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 172.16.0.100 failed its sanity check or is malformed
Here is the complete debug:
Boston#debug crypto isakmp
03:52:34: ISAKMP (0:0): received packet from 172.16.0.100 (N) NEW SA
03:52:34: ISAKMP: local port 500, remote port 500
03:52:34: ISAKMP (0:2): processing SA payload. message ID = 0
03:52:34: ISAKMP (0:2): found peer pre-shared key matching 172.16.0.100
"reserved not zero on payload" generally means your pre-shared keys don't match. Try removing the "crypto isakmp key ...." line and retyping it in again on both sides. In particular DON'T cut/paste it from one router config into another, this quite often puts a space character onto the end of the key, which the router interprets as part of the key and they therefore don't match.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...