Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
560
Views
0
Helpful
1
Replies

Ipsec Tunnel between two routers

swensonj
Level 1
Level 1

‎12-13-2008 12:36 PM - edited ‎02-21-2020 04:04 PM

I have two routers Cisco 837 and 2651xm. Running a debug ipsec on both routers the 837 gives what looks like thing are good. On the 2651 I get --CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 63.25X.18X.2XX failed its sanity check or is malformed - I'm not sure what this is since the tunnels show to be up on both routers.

Labels:
0 Helpful
1 Reply 1

JORGE RODRIGUEZ
Level 10
Level 10

‎12-13-2008 05:33 PM

Can you post the output of show crypto isakmp sa from either router this will show if indeed SA has succesfully been built or autenticated bewteen the two peers. Successful authentication will show QM_IDLE for tunnel state.

http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_s2gt.html#wp1178099

double check "crypto isakmp keys" to be exact at both ends.

CRYPTO-4-IKMP_BAD_MESSAG is a Key Mismatch error message.

http://www.cisco-systems.se/univercd/cc/td/doc/product/vpn/solution/aswan15/omt/omt_apb.htm

Rgds

Jorge

Jorge Rodriguez
0 Helpful
Customers Also Viewed These Support Documents