1 Reply Latest reply on Nov 6, 2014 1:53 PM by mick

    Ike Negotiation

    pta200 New Member

      Getting the following error "CRYPTO_IKE.NEGOTIATION peer XXXXXXXX: InLength differs from IsakmpHdr field length 260 != 0 !"

      Don't know what the other side is. Both sides seem to be configured the same. Don't know why I'm seeing !3DES and DES message as part of main mode 5th message.

       

      2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION <POLICY: 10> PAYLOADS: ID,HASH

      2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION   ID PAYLOAD

      2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION     IANA No. for identifn: 1 -> ID_IPV4_ADDR

      2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION     Protocol Id: 0

      2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION     Port: 0

      2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION     Id Data: XXXXXXX

      2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION   HASH PAYLOAD

      2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION InitialiseCipherContext :: !DES and ! 3DES

      2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION 10: Sent fifth message of main mode

      2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION IkeStartNegotiation: Already in process of negotiation

      2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION peer 199.73.49.2: Received informational exchange message

      2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION InitialiseCipherContext :: Not DES and Not 3DES

      2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION IkeIsakmpGenHdrNtoH : Length field of 4294957034 exceeds max buffer size

      2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION IkePacketLog: IkeIsakmpGenHdrNtoH failed

      2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION decode error

        • Re: Ike Negotiation
          mick Visitor

          Have you tried enabling NAT-T on one or both sides?

           

          On the Netvanta go to IKE Configuration/NAT Translation and set it to "Allow V1" and  "Force V2" to see if this gets you to Quick Mode stage.

          --

          Regards,

          MIck