Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Cisco Pix 506E VPN to Win XP using Microsoft built in VPN

Reply
Thread Tools

Cisco Pix 506E VPN to Win XP using Microsoft built in VPN

 
 
Mark
Guest
Posts: n/a
 
      12-19-2003
Having problems setting up our PIX 506E to a Windows XP laptop.

The below line seems t obe wehre it is causing problems...
ISAKMP: reserved not zero on payload 5

Does anyone have any suggestions?

Copy of debug shown below.

thanks

Mark


ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 3 against priority 10 policy
ISAKMP: encryption DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 1
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 4 against priority 10 policy
ISAKMP: encryption DES-CBC
ISAKMP: hash MD5
ISAKMP: default group 1
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): processing vendor id payload

ISAKMP (0): speaking to a MSWIN2K client

ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0

ISAKMP (0): processing NONCE payload. message ID = 0

return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
ISAKMP (0): deleting SA: src 194.143.190.102, dst 194.143.190.100
ISADB: reaper checking SA 0xe677cc, conn_id = 0 DELETE IT!

VPN Peer:ISAKMP: Peer Info for 194.143.190.102/500 not found - peers:0

crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 2 against priority 10 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash MD5
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 3 against priority 10 policy
ISAKMP: encryption DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 1
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 4 against priority 10 policy
ISAKMP: encryption DES-CBC
ISAKMP: hash MD5
ISAKMP: default group 1
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): processing vendor id payload

ISAKMP (0): speaking to a MSWIN2K client

ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0

ISAKMP (0): processing NONCE payload. message ID = 0

return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
ISAKMP (0): deleting SA: src 194.143.190.102, dst 194.143.190.100
ISADB: reaper checking SA 0xe677cc, conn_id = 0 DELETE IT!

VPN Peer:ISAKMP: Peer Info for 194.143.190.102/500 not found - peers:0

crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 2 against priority 10 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash MD5
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 3 against priority 10 policy
ISAKMP: encryption DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 1
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 4 against priority 10 policy
ISAKMP: encryption DES-CBC
ISAKMP: hash MD5
ISAKMP: default group 1
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): processing vendor id payload

ISAKMP (0): speaking to a MSWIN2K client

ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0

ISAKMP (0): processing NONCE payload. message ID = 0

return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
ISAKMP (0): deleting SA: src 194.143.190.102, dst 194.143.190.100
ISADB: reaper checking SA 0xe677cc, conn_id = 0 DELETE IT!

VPN Peer:ISAKMP: Peer Info for 194.143.190.102/500 not found - peers:0

crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 2 against priority 10 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash MD5
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 3 against priority 10 policy
ISAKMP: encryption DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 1
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 4 against priority 10 policy
ISAKMP: encryption DES-CBC
ISAKMP: hash MD5
ISAKMP: default group 1
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): processing vendor id payload

ISAKMP (0): speaking to a MSWIN2K client

ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0

ISAKMP (0): processing NONCE payload. message ID = 0

return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
ISAKMP: reserved not zero on payload 5!
ISAKMP (0): deleting SA: src 194.143.190.102, dst 194.143.190.100
ISADB: reaper checking SA 0xe677cc, conn_id = 0 DELETE IT!

VPN Peer:ISAKMP: Peer Info for 194.143.190.102/500 not found - peers:0

crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
t:500
 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      12-19-2003
In article <(E-Mail Removed) >,
Mark <(E-Mail Removed)> wrote:
:Having problems setting up our PIX 506E to a Windows XP laptop.

:The below line seems t obe wehre it is causing problems...
:ISAKMP: reserved not zero on payload 5

oes anyone have any suggestions?

http://www.vpnc.org/ietf-ipsec/98.ipsec/msg00203.html

seems to get into the nitty-gritty of what the message is complaining
about (certain fields are required to be zero but aren't being sent as
zero). Or you can find a much easier-to-read form in
http://rfc-2408.rfcindex.net/rfc-2408-61.htm .

This leaves wide open the question of -why- the fields are coming
out non-zero, and I don't know the answer to that. One article
I glanced at hinted that perhaps the problem could be caused
by mismatched pre-shared keys between the two sides, so I
suggest that you re-check the keys, make sure zeroes
aren't oh's, the one's aren't el's, and so on.
--
Warhol's Law: every Usenet user is entitled to his or her very own
fifteen minutes of flame -- The Squoire

 
Reply With Quote
 
 
 
 
Mark
Guest
Posts: n/a
 
      01-06-2004
Has anyone else had any run-ins with this problem?

thanks

Mark
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Applet to run on Win 98, Win ME, Win XP, Win Vista & Win 7 ?? Krist Java 6 05-06-2010 11:53 PM
Cisco ASA 5510 to Cisco PIX 506E VPN Tunnel, Dropping RDP andypatterson24 Cisco 2 04-25-2008 07:41 PM
PIX 506e Access VPN and Lan2Lan VPN Laurent Cisco 2 03-01-2008 01:05 PM
VPN Connection Problems between Cisco PIX 506E and Cisco VPN Concentrator 3005 Kai Cisco 0 02-15-2005 02:03 PM
VOIP using Cisco PIX 506e and Cisco 837 paul tomlinson Cisco 1 01-21-2004 11:09 PM



Advertisments