Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN issue on Cisco 7206

Hi Experts,

We have a VPN setup between a Cisco 871 router and a Cisco 7206 VXR router.

The 7206 is a HUB location and the 871 is one of the spokes.

The 871 uses a DSL connection to connect to the internet.

Today we've been getting a large amount of logs on the 7206, logs are as below-

Dec 14 17:47:48.326 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from <IP> failed its sanity check or is malformed

Dec 14 17:48:57.078 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from <IP> failed its sanity check or is malformed

Dec 14 17:50:33.191 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from <IP> failed its sanity check or is malformed

Dec 14 17:51:47.383 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from <IP> failed its sanity check or is malformed.

Can someone advise if there may be a problem with the DSL connection or if this indicates something else.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: VPN issue on Cisco 7206

Hi Imran

Looking at the error message, The encryption keys on the two ends do not match. Check to make sure that the preshared keys are correctly configured

Regards MJ

4 REPLIES
New Member

Re: VPN issue on Cisco 7206

Hi Imran

Looking at the error message, The encryption keys on the two ends do not match. Check to make sure that the preshared keys are correctly configured

Regards MJ

New Member

Re: VPN issue on Cisco 7206

Hi,

I dont think thats the problem, because if the keys didnt match the tunnel would not come up at all. The tunnel is up but these logs are on the Hub router.

New Member

Re: VPN issue on Cisco 7206

Hi Imran

Are you able to confirm that traffic is going over the VPN? also what is the address in the error log is it from the peer.

Regards MJ

New Member

Re: VPN issue on Cisco 7206

Hi MJ,

Sorry about earlier, it did turn out to be a Crypto Key issue. But I didnt understand how the tunnels were showing in QM_IDLE state een when the keys didnt match.

Anyway thanks for your help on this.

Regards,

Imran.

254
Views
0
Helpful
4
Replies