Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

bad SPI size / VPN between PIX515 and VPN-Client 4.0.3D

Following problem:

- ISAKMP/IPSec configuration between PIX 515 UR and Cisco VPN client 4.0.3 D.

- ISAKMP parameters = AES-256; SHA; group 5; pre-shared key

- IPSec parameters = ESP-AES-256; ESP-SHA; x-auth

Main mode and x-auth are running successful. Quick Mode results in following debug message (PIX):

ISAKMP (0): atts are acceptable.

ISAKMP (0): bad SPI size of 2 octets!

ISAKMP : Checking IPSec proposal 3

Quick mode continues until timout expires. No SPI will be generated and exchanged.

In a lab environment anything works fine. Only the production PIX has the described problem.

I know that the SPI has to have a size of 1 octet. All searching the web and cisco.com did not result in any useful information.

Did anyone got the same experiences or does anyone have a helpfull tip?

Thanks a lot.

Steffen

  • VPN
1 REPLY
New Member

Re: bad SPI size / VPN between PIX515 and VPN-Client 4.0.3D

Any update on this? Kindly post it on forym

155
Views
0
Helpful
1
Replies