Cisco Pix 506E VPN to Win XP using Microsoft built in VPN

Discussion in 'Cisco' started by Mark, Dec 19, 2003.

  1. Mark

    Mark Guest

    Having problems setting up our PIX 506E to a Windows XP laptop.

    The below line seems to be where it is causing problems...
    ISAKMP: reserved not zero on payload 5

    Does anyone have any suggestions?

    Copy of debug shown below.

    thanks

    Mark


    ISAKMP: default group 2
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 3 against priority 10 policy
    ISAKMP: encryption DES-CBC
    ISAKMP: hash SHA
    ISAKMP: default group 1
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 4 against priority 10 policy
    ISAKMP: encryption DES-CBC
    ISAKMP: hash MD5
    ISAKMP: default group 1
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
    ISAKMP (0): atts are acceptable. Next payload is 0
    ISAKMP (0): processing vendor id payload

    ISAKMP (0): speaking to a MSWIN2K client

    ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
    return status is IKMP_NO_ERROR
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    OAK_MM exchange
    ISAKMP (0): processing KE payload. message ID = 0

    ISAKMP (0): processing NONCE payload. message ID = 0

    return status is IKMP_NO_ERROR
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    ISAKMP (0): deleting SA: src 194.143.190.102, dst 194.143.190.100
    ISADB: reaper checking SA 0xe677cc, conn_id = 0 DELETE IT!

    VPN Peer:ISAKMP: Peer Info for 194.143.190.102/500 not found - peers:0

    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    OAK_MM exchange
    ISAKMP (0): processing SA payload. message ID = 0

    ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy
    ISAKMP: encryption 3DES-CBC
    ISAKMP: hash SHA
    ISAKMP: default group 2
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 2 against priority 10 policy
    ISAKMP: encryption 3DES-CBC
    ISAKMP: hash MD5
    ISAKMP: default group 2
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 3 against priority 10 policy
    ISAKMP: encryption DES-CBC
    ISAKMP: hash SHA
    ISAKMP: default group 1
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 4 against priority 10 policy
    ISAKMP: encryption DES-CBC
    ISAKMP: hash MD5
    ISAKMP: default group 1
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
    ISAKMP (0): atts are acceptable. Next payload is 0
    ISAKMP (0): processing vendor id payload

    ISAKMP (0): speaking to a MSWIN2K client

    ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
    return status is IKMP_NO_ERROR
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    OAK_MM exchange
    ISAKMP (0): processing KE payload. message ID = 0

    ISAKMP (0): processing NONCE payload. message ID = 0

    return status is IKMP_NO_ERROR
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    ISAKMP (0): deleting SA: src 194.143.190.102, dst 194.143.190.100
    ISADB: reaper checking SA 0xe677cc, conn_id = 0 DELETE IT!

    VPN Peer:ISAKMP: Peer Info for 194.143.190.102/500 not found - peers:0

    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    OAK_MM exchange
    ISAKMP (0): processing SA payload. message ID = 0

    ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy
    ISAKMP: encryption 3DES-CBC
    ISAKMP: hash SHA
    ISAKMP: default group 2
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 2 against priority 10 policy
    ISAKMP: encryption 3DES-CBC
    ISAKMP: hash MD5
    ISAKMP: default group 2
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 3 against priority 10 policy
    ISAKMP: encryption DES-CBC
    ISAKMP: hash SHA
    ISAKMP: default group 1
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 4 against priority 10 policy
    ISAKMP: encryption DES-CBC
    ISAKMP: hash MD5
    ISAKMP: default group 1
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
    ISAKMP (0): atts are acceptable. Next payload is 0
    ISAKMP (0): processing vendor id payload

    ISAKMP (0): speaking to a MSWIN2K client

    ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
    return status is IKMP_NO_ERROR
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    OAK_MM exchange
    ISAKMP (0): processing KE payload. message ID = 0

    ISAKMP (0): processing NONCE payload. message ID = 0

    return status is IKMP_NO_ERROR
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    ISAKMP (0): deleting SA: src 194.143.190.102, dst 194.143.190.100
    ISADB: reaper checking SA 0xe677cc, conn_id = 0 DELETE IT!

    VPN Peer:ISAKMP: Peer Info for 194.143.190.102/500 not found - peers:0

    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    OAK_MM exchange
    ISAKMP (0): processing SA payload. message ID = 0

    ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy
    ISAKMP: encryption 3DES-CBC
    ISAKMP: hash SHA
    ISAKMP: default group 2
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 2 against priority 10 policy
    ISAKMP: encryption 3DES-CBC
    ISAKMP: hash MD5
    ISAKMP: default group 2
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 3 against priority 10 policy
    ISAKMP: encryption DES-CBC
    ISAKMP: hash SHA
    ISAKMP: default group 1
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 4 against priority 10 policy
    ISAKMP: encryption DES-CBC
    ISAKMP: hash MD5
    ISAKMP: default group 1
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
    ISAKMP (0): atts are acceptable. Next payload is 0
    ISAKMP (0): processing vendor id payload

    ISAKMP (0): speaking to a MSWIN2K client

    ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
    return status is IKMP_NO_ERROR
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    OAK_MM exchange
    ISAKMP (0): processing KE payload. message ID = 0

    ISAKMP (0): processing NONCE payload. message ID = 0

    return status is IKMP_NO_ERROR
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
    ISAKMP: reserved not zero on payload 5!
    ISAKMP (0): deleting SA: src 194.143.190.102, dst 194.143.190.100
    ISADB: reaper checking SA 0xe677cc, conn_id = 0 DELETE IT!

    VPN Peer:ISAKMP: Peer Info for 194.143.190.102/500 not found - peers:0

    crypto_isakmp_process_block:src:194.143.190.102, dest:194.143.190.100 spt:500 dp
    t:500
     
    Mark, Dec 19, 2003
    #1

  2. In article <>,
    Mark <> wrote:
    :Having problems setting up our PIX 506E to a Windows XP laptop.

    :The below line seems to be where it is causing problems...
    :ISAKMP: reserved not zero on payload 5

    :Does anyone have any suggestions?

    http://www.vpnc.org/ietf-ipsec/98.ipsec/msg00203.html

    seems to get into the nitty-gritty of what the message is complaining
    about (certain fields are required to be zero but aren't being sent as
    zero). Or you can find a much easier-to-read form in
    http://rfc-2408.rfcindex.net/rfc-2408-61.htm .

    This leaves wide open the question of -why- the fields are coming
    out non-zero, and I don't know the answer to that. One article
    I glanced at hinted that perhaps the problem could be caused
    by mismatched pre-shared keys between the two sides, so I
    suggest that you re-check the keys, make sure zeroes
    aren't oh's, the one's aren't el's, and so on.
    --
    Warhol's Law: every Usenet user is entitled to his or her very own
    fifteen minutes of flame -- The Squoire
     
    Walter Roberson, Dec 19, 2003
    #2
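Added example, not part of either post: a sketch of the RFC 2408 generic payload header check that the PIX message refers to. In IKEv1 Main Mode the Identification payload (type 5) arrives encrypted under keys derived from the pre-shared key, so a key mismatch leaves the receiver parsing garbage, and the RESERVED byte is the first field that fails. The function names, the 192.0.2.10 address and both sample bodies are constructed for illustration.

```python
import socket
import struct

# Payload type numbers from RFC 2408 section 3.1 (subset).
PAYLOAD_NAMES = {0: "NONE", 1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE"}


def check_payload_chain(first_type, body):
    """Walk a decrypted ISAKMP payload chain and validate each generic header.

    Header layout: next payload (1 byte), RESERVED (1 byte), length (2 bytes).
    Returns (payload_types_seen, error); error is None when the chain is sane.
    """
    seen, ptype, offset = [], first_type, 0
    while ptype != 0:
        if offset + 4 > len(body):
            return seen, f"truncated header on payload {ptype}"
        next_type, reserved, length = struct.unpack_from("!BBH", body, offset)
        if reserved != 0:
            # The condition the PIX debug line reports.
            return seen, f"reserved not zero on payload {ptype}"
        if length < 4 or offset + length > len(body):
            return seen, f"bad length {length} on payload {ptype}"
        seen.append(ptype)
        ptype, offset = next_type, offset + length
    return seen, None


def build_id_hash_body(ipv4, hash_value):
    """Constructed Main Mode message 5 plaintext: ID payload, then HASH."""
    # ID body: type 1 (ID_IPV4_ADDR), protocol 0, port 0, then the address.
    id_data = struct.pack("!BBH", 1, 0, 0) + socket.inet_aton(ipv4)
    id_payload = struct.pack("!BBH", 8, 0, 4 + len(id_data)) + id_data
    hash_payload = struct.pack("!BBH", 0, 0, 4 + len(hash_value)) + hash_value
    return id_payload + hash_payload


# Constructed sample: keys match, plaintext is well formed (16-byte MD5 HASH).
GOOD_BODY = build_id_hash_body("192.0.2.10", bytes(16))

# Constructed stand-in for what decryption with the wrong key produces:
# 32 arbitrary bytes, so the RESERVED byte (second byte) is not zero.
GARBLED_BODY = bytes.fromhex(
    "c75e912b04d8a63f7b20e9415cf3188d"
    "a2964e07d15b3c68f10d8a7234be95c6"
)

if __name__ == "__main__":
    for label, body in (("matching keys", GOOD_BODY), ("mismatch", GARBLED_BODY)):
        seen, error = check_payload_chain(5, body)
        print(label, [PAYLOAD_NAMES.get(t, t) for t in seen], error or "ok")
```
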

  3. Mark

    Mark Guest

    Has anyone else had any run-ins with this problem?

    thanks

    Mark
     
    Mark, Jan 6, 2004
    #3