Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

bad SPI size / VPN between PIX515 and VPN-Client 4.0.3D

Following problem:

- ISAKMP/IPSec configuration between PIX 515 UR and Cisco VPN client 4.0.3 D.

- ISAKMP parameters = AES-256; SHA; group 5; pre-shared key

- IPSec parameters = ESP-AES-256; ESP-SHA; x-auth

Main mode and x-auth are running successful. Quick Mode results in following debug message (PIX):

ISAKMP (0): atts are acceptable.

ISAKMP (0): bad SPI size of 2 octets!

ISAKMP : Checking IPSec proposal 3

Quick mode continues until timout expires. No SPI will be generated and exchanged.

In a lab environment anything works fine. Only the production PIX has the described problem.

I know that the SPI has to have a size of 1 octet. All searching the web and did not result in any useful information.

Did anyone got the same experiences or does anyone have a helpfull tip?

Thanks a lot.


  • VPN
New Member

Re: bad SPI size / VPN between PIX515 and VPN-Client 4.0.3D

Any update on this? Kindly post it on forym