I have a problem. I try connect Cisco 3620 and Linksys RV042 by site-to-site VPN and I can't establish 1 phase of ISAKMP. From "show log" I get erorr:%CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 126.96.36.199 failed its sanity check or is malformed. and from "debug crypto isakmp error" I get the output:
4d07h: ISAKMP (0:0): received packet from 188.8.131.52 dport 500 sport 500 Glob
al (N) NEW SA
4d07h: ISAKMP: Created a peer struct for 184.108.40.206, peer port 500
4d07h: ISAKMP: Locking peer struct 0x630776D4, IKE refcount 1 for crypto_ikmp_co
%CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from [IP_address] failed its sanity check or is malformed
A quick verification check is done on all received ISAKMP messages to ensure that all component payload types are valid and that the sum of their individual lengths equals the total length of the received message. This message indicates a failed verification check. Persistently bad messages could mean a denial-of-service attack or bad decryption.
Can you revert whether the ISAKMP configurations are the same on both the boxes ?
Can you check up the same on both the Cisco box related to hash,encryption and group if you have set under ISAKMP config with the config set in the linksys box ?.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...