PIX debug

trouble bringing up VPN...

debug on x.x.x.x pix

ISAKMP (0): deleting SA: src y.y.y.y, dst x.x.x.x
ISADB: reaper checking SA 0x34e93d4, conn_id = 0 DELETE IT!

VPN Peer:ISAKMP: Peer Info for y.y.y.y/500 not found - peers:0
crypto_isakmp_process_block:src:y.y.y.y, dest:x.x.x.x spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy
ISAKMP: encryption AES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: keylength of 256
ISAKMP: life type in seconds
ISAKMP: life duration (basic) of 28800
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): processing vendor id payload

ISAKMP (0): processing vendor id payload

ISAKMP (0): remote peer supports dead peer detection

ISAKMP (0): processing vendor id payload

ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:y.y.y.y, dest:x.x.x.x spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0

ISAKMP (0): processing NONCE payload. message ID = 0

return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:y.y.y.y, dest:x.x.x.x spt:500 dpt:500
ISAKMP: reserved not zero on payload 5!
ISAKMP: malformed payload

What should I be looking at?

Reply to
terrydoc

In the message

snipped-for-privacy@o2.ie wrote:

| trouble bringing up VPN...
|
| debug on x.x.x.x pix
|
| ISAKMP (0): deleting SA: src y.y.y.y, dst x.x.x.x
| ISADB: reaper checking SA 0x34e93d4, conn_id = 0 DELETE IT!
|
| VPN Peer:ISAKMP: Peer Info for y.y.y.y/500 not found - peers:0
| crypto_isakmp_process_block:src:y.y.y.y, dest:x.x.x.x spt:500 dpt:500
| OAK_MM exchange ISAKMP (0): processing SA payload. message ID = 0
|
| ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy
| ISAKMP: encryption AES-CBC
| ISAKMP: hash SHA
| ISAKMP: default group 2
| ISAKMP: auth pre-share
| ISAKMP: keylength of 256
| ISAKMP: life type in seconds
| ISAKMP: life duration (basic) of 28800
| ISAKMP (0): atts are acceptable. Next payload is 0 ISAKMP (0):
| processing vendor id payload
|
| ISAKMP (0): processing vendor id payload
|
| ISAKMP (0): remote peer supports dead peer detection
|
| ISAKMP (0): processing vendor id payload
|
| ISAKMP (0): SA is doing pre-shared key authentication using id type
| ID_IPV4_ADDR return status is IKMP_NO_ERROR
| crypto_isakmp_process_block:src:y.y.y.y, dest:x.x.x.x spt:500 dpt:500
| OAK_MM exchange ISAKMP (0): processing KE payload. message ID = 0
|
| ISAKMP (0): processing NONCE payload. message ID = 0
|
| return status is IKMP_NO_ERROR
| crypto_isakmp_process_block:src:y.y.y.y, dest:x.x.x.x spt:500 dpt:500
| ISAKMP: reserved not zero on payload 5!
| ISAKMP: malformed payload
|
| What should I be looking at?

Reserved Not Zero on Payload 5

This means that the ISAKMP keys do not match. Rekey/reset in order to ensure accuracy.

Check the lifetime of the key and set it to the same value on both ends.

Reply to
Morph
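
An added example, not part of the original thread: a small Python triage of the debug output from the first post, showing why the error position matters. It assumes the log text has the message wording seen on this page; the payload numbers are the ISAKMP payload types from RFC 2408, and the function name `triage` and the diagnosis strings are made up for this illustration.

```python
import re

# ISAKMP payload type numbers (RFC 2408, section 3.1)
PAYLOAD_TYPES = {1: "SA", 4: "Key Exchange", 5: "Identification", 8: "Hash",
                 10: "Nonce", 11: "Notification", 13: "Vendor ID"}

# Main Mode milestones, in the order they appear in the debug on this page
MILESTONES = [("policy_accepted", "atts are acceptable"),
              ("ke_processed", "processing KE payload"),
              ("nonce_processed", "processing NONCE payload")]
RESERVED = re.compile(r"reserved not zero on payload (\d+)")
PEER = re.compile(r"crypto_isakmp_process_block:src:([^,\s]+), dest:(\S+)")

def triage(debug_text):
    """Report how far IKE Main Mode got and where payload parsing failed."""
    out = {"peer": None, "reached": [], "failed_payload": None, "diagnosis": None}
    peer = PEER.search(debug_text)
    if peer:
        out["peer"] = peer.group(1)
    positions = {}
    for name, marker in MILESTONES:
        pos = debug_text.find(marker)
        if pos != -1:
            positions[name] = pos
            out["reached"].append(name)
    err = RESERVED.search(debug_text)
    if err:
        num = int(err.group(1))
        out["failed_payload"] = PAYLOAD_TYPES.get(num, "type %d" % num)
        # After KE and NONCE the next Main Mode message is encrypted with keys
        # derived from the pre-shared key, so a garbage header there points at
        # the key itself, as the reply on this page says.
        if positions.get("nonce_processed", len(debug_text)) < err.start():
            out["diagnosis"] = "pre-shared key mismatch: re-enter the key on both peers"
        else:
            out["diagnosis"] = "malformed payload before key exchange completed"
    return out

# Sample: debug lines copied from the first post (addresses already masked)
SAMPLE = """\
ISAKMP (0): atts are acceptable. Next payload is 0
crypto_isakmp_process_block:src:y.y.y.y, dest:x.x.x.x spt:500 dpt:500
ISAKMP (0): processing KE payload. message ID = 0
ISAKMP (0): processing NONCE payload. message ID = 0
ISAKMP: reserved not zero on payload 5!
ISAKMP: malformed payload
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```
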

Thanks - that was it...

Reply to
terrydoc

| > Reserved Not Zero on Payload 5
| >
| > This means that the ISAKMP keys do not match. Rekey/reset in order to
| > ensure accuracy.
| >
| > Check the lifetime of the key and set it to the same value on both ends.
|
| Thanks - that was it...

No problem. Glad it worked.

Reply to
Morph
