Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

User receives the Header invalid, missing SA payload error message on the Cisco VPN 3000 Concentrator

Resolution

The following output shows the user receiving the Header invalid, missing SA payload error message on the Cisco VPN 3000 Concentrator:

EVENTID: IKE_NO_SA

LEVEL: ES_SEV_INFO3

STRING: "Header invalid, missing SA payload! (next payload = %d)"

This event generally means that the VPN Concentrator and the remote peer are out of sync. The remote peer is continuing to negotiate an Internet Key Exchange (IKE) Security Association (SA) that has been deleted by the VPN Concentrator. The condition should eventually correct itself as the negotiation times out. This event can sometimes indicate a benign condition, which is caused by a race condition. An example of a race condition is when both peers delete an SA simultaneously and send deletes. The delete messages get to the peer, but the peer has already deleted the SA on its own. The peer expects a new phase 1 message to include an SA payload, which the delete message does not include.

If the condition persists, the tunnel should be reset on both sides.

VPN 3000 Model

Concentrator models

VPN 3000 Event Logs

Header invalid, missing SA payload! (next payload = 8)

Version history
Revision #:
1 of 1
Last update:
‎06-18-2009 03:54 PM
Updated by:
 
Labels (1)