Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
28175
Views
0
Helpful
2
Replies

Error message %CRYPTO-4-IKMP_BAD_MESSAGE: from IPSEC tunnels

yardenab1
Level 1
Level 1

‎03-22-2006 05:31 AM - edited ‎02-21-2020 02:19 PM

Hello,

The following message apears on a syslog server: "%CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 10.77.77.76 failed its sanity check or is malformed". The message arrives from a router with ipsec tunnel connections. Although this message apears prety often, we do not experience disconnections. Is that a real problem? If yes could you pls help me understand and solve the problem? attached the configuration of the remote site (with loopback 10.77.77.76)

ThanksInAdvance,

Yardena

4 people had this problem
Labels:
Preview file
10 KB
0 Helpful
2 Replies 2

vkapoor5
Level 5
Level 5

‎03-28-2006 07:45 AM

Here is the explaination from Cisco for this error message:

A quick verification check is done on all received ISAKMP messages to ensure that all component payload types are valid and that the sum of their individual lengths equals the total length of the received message. This message indicates a failed verification check. Persistently bad messages could mean a denial-of-service attack or bad decryption.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_system_message_guide_chapter09186a008009e75f.html

0 Helpful

rafaelgarcia
Level 1
Level 1

‎03-28-2006 11:30 AM

Hello,

It seems to be a preshared mismatch. Make sure they are both the same. Remember if you are going to make a change you need to disable the crypto map on the interface, make the changes and then enable it back. Changes made without following these steps might not work properly.

http://www.boerderie.com/VPNdebugging.html#cisco

Let me know if it helps.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents