Cisco Systems IPSEC: reserved not zero on payload message when connecting site-to-site

Posted by Arjan on October 12, 2005, 6:29 pm
I finally managed to implement a Site-to-Site tunnel using IPSEC
between ISA back-to-back on one site and a PIX on the other.

When testing I noticed that it takes some time to establish the
connection. Debug showed the following message several times during
negotiating:
"ISAKMP: reserved not zero on payload 8!"
"ISAKMP: malformed payload"

This message comes up several times and then finally the connection
starts working.
Cisco stated that this message means that the shared key does not
match; however, I checked this (of course) and still the message comes
up. But in the end the tunnel comes up and traffic is allowed and
works.

The problem here is that the relatively long time needed to establish the
tunnel causes time-out problems on applications (RDP e.g.)

I already tried to disable PFS and also checked IKE timers etc.

Does anyone know the solution for this?


Posted by Merv on October 12, 2005, 7:17 pm


Does the hash algorithm configured for each peer match?


Posted by Arjan on October 13, 2005, 2:37 pm

>Does the hash algorithm configured for each peer match?

meaning ESP-DES-MD5 for stage one and two? Yes they do, however PIX
also has policy for ESP-DES-SHA that is not used at the moment.
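
Added example, not part of the thread and not Cisco's code: a sketch of the receiver-side check behind the two debug lines, showing why a body decrypted with the wrong key trips on the RESERVED byte of the first payload header. It assumes the number in the debug line is the RFC 2408 payload type (8 is HASH); `walk_payloads`, `payload` and `demo` are hypothetical names, and the sample bytes are constructed.

```python
import struct

def walk_payloads(first_type, body):
    """Walk the generic payload headers (RFC 2408, section 3.2) of a decrypted
    ISAKMP message body. Returns (payload_types_seen, error_or_None)."""
    seen, ptype, off = [], first_type, 0
    while ptype != 0:                          # next-payload 0 ends the chain
        if off + 4 > len(body):
            return seen, "malformed payload"
        # 1 byte next payload, 1 byte RESERVED (must be 0), 2 bytes length
        next_type, reserved, length = struct.unpack_from("!BBH", body, off)
        if reserved != 0:
            return seen, f"reserved not zero on payload {ptype}"
        if length < 4 or off + length > len(body):
            return seen, "malformed payload"
        seen.append(ptype)
        ptype, off = next_type, off + length
    return seen, None

def payload(next_type, data):
    """Build one payload: generic header with RESERVED = 0, then the data."""
    return struct.pack("!BBH", next_type, 0, 4 + len(data)) + data

def demo():
    # Constructed sample body: HASH (type 8) followed by NONCE (type 10).
    good = payload(10, bytes(16)) + payload(0, bytes(range(8)))
    # Stand-in for decryption with a key derived from a different shared
    # secret: real output would be pseudo-random, a fixed XOR mask keeps
    # this run repeatable.
    garbled = bytes(b ^ 0x5A for b in good)
    return walk_payloads(8, good), walk_payloads(8, garbled)

if __name__ == "__main__":
    for seen, err in demo():
        print("payloads:", seen, "->", err or "ok")
```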

