Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > IPSEC: reserved not zero on payload message when connecting site-to-site

Reply
Thread Tools

IPSEC: reserved not zero on payload message when connecting site-to-site

 
 
Arjan
Guest
Posts: n/a
 
      10-12-2005
I finally managed to implement a Site-to-Site tunnel using IPSEC
between ISA back-to-back on one site and and a PIX on the other.

When testing I noticed that it takes some time to establish the
connection. Debug showed the following message several times during
negotiating:
"ISAKMP: reserved not zero on payload 8!"
"ISAKMP: malformed payload"

This message comes up serveral times and then finally the connection
starts working.
Cisco stated that this message means that the shared key does not
match however, I cheked this (of course) and still the message comes
up. Both in the end the tunnel comes up and traffic is allowed and
works.

The problem here is the relative long time needed to establish the
tunnel causes time-out problems on applications (RDP e.g.)

I already tried to disable PFS and also checked IKE timers etc.

Does anyone know the solution for this.

 
Reply With Quote
 
 
 
 
Merv
Guest
Posts: n/a
 
      10-12-2005


Does the hash algorihmn configured for each peer match?

 
Reply With Quote
 
 
 
 
Arjan
Guest
Posts: n/a
 
      10-13-2005
On 12 Oct 2005 16:17:01 -0700, "Merv" <(E-Mail Removed)> wrote:

>
>
>Does the hash algorihmn configured for each peer match?


meaning ESP-DES-MD5 for stage one and two? Yes they do, however PIX
also has policy for ESP-DES-SHA that is not used at the moment.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Are Python's reserved words reserved in places they dont need to be? metaperl Python 32 09-15-2006 02:02 PM
RE: Are Python's reserved words reserved in places they dont needtobe? Delaney, Timothy (Tim) Python 10 09-14-2006 04:17 PM
Re: Are Python's reserved words reserved in places they dont needtobe? Steve Holden Python 0 09-13-2006 08:44 AM
5350 can't use G711 payload type for fax pass-through?? Greg Cisco 2 04-05-2005 01:53 PM
Any problems with SIP phones not identifying payload sizes? CCGolfer VOIP 0 06-08-2004 08:44 PM



Advertisments