Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

canot bring up VPN Tunnel

Dear All,

using PIX ver 7.0

created site to site vpn tunnel using VPN Wizard

got errors on the log:

Header invalid, missing SA payload! (next payload = 4)

Group = 102.19.20.30, IP = 102.19.20.30, Can't find a valid tunnel group, aborting...!

(ip's was change for security reason)

what is wrong? what this error mean?

Thanks in advances

2 REPLIES
Gold

Re: canot bring up VPN Tunnel

there are many possibilities. would you please post the config?

Community Member

Re: canot bring up VPN Tunnel

Hi,

I had the same problem between a PIX 515 7.0 and PIX 501 6.3.

I built the tunnel-group on the 515 using ASDM VPN wizard which I gave a name (the default is that it uses the IP address of the peer).

So when I then looked at the config:

show run | grep tunnel

I got:

tunnel-group type ipsec-l2l

I used IOS commands to change this to the IP address of the peer rather than the name:

tunnel-group xx.xx.xx.xx type ipsec-l2l

ISAKMP negotiation worked straight after pinging through the tunnel.

Regards,

Tony

279
Views
0
Helpful
2
Replies
CreatePlease to create content