IPSEC: reserved not zero on payload message when connecting site-to-site

Discussion in 'Cisco' started by Arjan, Oct 12, 2005.

  1. Arjan

    Arjan Guest

    I finally managed to implement a Site-to-Site tunnel using IPSEC
    between ISA back-to-back on one site and and a PIX on the other.

    When testing I noticed that it takes some time to establish the
    connection. Debug showed the following message several times during
    negotiating:
    "ISAKMP: reserved not zero on payload 8!"
    "ISAKMP: malformed payload"

    This message comes up serveral times and then finally the connection
    starts working.
    Cisco stated that this message means that the shared key does not
    match however, I cheked this (of course) and still the message comes
    up. Both in the end the tunnel comes up and traffic is allowed and
    works.

    The problem here is the relative long time needed to establish the
    tunnel causes time-out problems on applications (RDP e.g.)

    I already tried to disable PFS and also checked IKE timers etc.

    Does anyone know the solution for this.
    Arjan, Oct 12, 2005
    #1
    1. Advertising

  2. Arjan

    Merv Guest

    Does the hash algorihmn configured for each peer match?
    Merv, Oct 13, 2005
    #2
    1. Advertising

  3. Arjan

    Arjan Guest

    On 12 Oct 2005 16:17:01 -0700, "Merv" <> wrote:

    >
    >
    >Does the hash algorihmn configured for each peer match?


    meaning ESP-DES-MD5 for stage one and two? Yes they do, however PIX
    also has policy for ESP-DES-SHA that is not used at the moment.
    Arjan, Oct 13, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Greg
    Replies:
    2
    Views:
    1,837
  2. CCGolfer
    Replies:
    0
    Views:
    371
    CCGolfer
    Jun 8, 2004
  3. reserved addresses

    , Jun 4, 2006, in forum: Cisco
    Replies:
    4
    Views:
    3,024
    thrill5
    Jun 6, 2006
  4. Jack Barrett

    Reserved System Space on Hard Drive?

    Jack Barrett, Nov 26, 2003, in forum: Computer Information
    Replies:
    5
    Views:
    5,665
    Robert Baer
    Nov 28, 2003
  5. Dan

    Portscan from reserved IP

    Dan, Mar 8, 2006, in forum: Computer Support
    Replies:
    6
    Views:
    621
Loading...

Share This Page