Many Kudos to the person who figures this one out...
We have a VPN concentrator and about 15 1811s already in the field and working. We can't seem to get the latest one to work properly. We initially thought it was bad hardware; we are on our 3rd VPN router. Multiple IOS versions have been tried, 3 different ISPs from 4 separate locations have been tried, and of course we even copied known good configs, still with no luck. And yes, we have verified the connection limit of our concentrator.
Now on to the good stuff
Log message, distant end failed sanity check:
000157: *Aug 28 10:56:56.126 CDT: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from xxx.xxx.xxx.xxx failed its sanity check or is malformed
000734: *Aug 28 11:58:57.197 CDT: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) Use
Also, this is set up with ezvpn; IKE phase 1 completes.
Here is a partial output of the isakmp debug. After the 5th retry it attempts to tear down the connection but fails because the connection doesn't exist, and then goes through the policy matching, authenticates, inserts a peer and comes back to this point.
After many hours we figured out a solution to the problem but developed another issue.
The original problem was resolved by finding an IOS with a crypto library version 19.0.0; the 20.0.0 gave bad IKE messages and couldn't generate an RSA key without an error. So that part is resolved, but I can't find an IOS that has the crypto lib I need with a good working wireless for my Cisco 1811.
The current IOS I have loaded is c181x-advipservicesk9-mz.124-6.T11.
The IOSes we are having known issues with the crypto lib are c181x-advipservicesk9-mz.124-11.XW3.bin - 124-11.XW9.bin.
The "T" series does not work with the wireless (at least the ones that I have tried) and the XW series won't work because of the crypto lib version.
I have tried many different IOSes, and shooting in the dark for the right information is becoming a headache and wasting a lot of time. Any additional help would be appreciated.