User guide

Property of TheGreenBow Sistech S.A. © 2014
IPsec VPN Router Configuration
Configuration Guide
5 VPN IPsec Troubleshooting
5.1 “PAYLOAD MALFORMED” error (wrong Phase 1 [SA])
114920 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [SA][VID]
114920 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [NOTIFY]
114920 Default exchange_run: exchange_validate failed
114920 Default dropped message from 195.100.205.114 port 500 due to notification type PAYLOAD_MALFORMED
114920 Default SEND Informational [NOTIFY] with PAYLOAD_MALFORMED error
If you get a “PAYLOAD MALFORMED” error, the Phase 1 [SA] may be wrong: check that the encryption
algorithms are the same on each side of the VPN tunnel.
5.2 “INVALID COOKIE” error
115933 Default message_recv: invalid cookie(s) 5918ca0c2634288f 7364e3e486e49105
115933 Default dropped message from 195.100.205.114 port 500 due to notification type INVALID_COOKIE
115933 Default SEND Informational [NOTIFY] with INVALID_COOKIE error
If you get an “INVALID COOKIE” error, it means that one of the endpoints is using an SA that is no longer in use.
Reset the VPN connection on each side.
5.3 “no keystate” error
115315 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [SA][VID]
115317 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [SA][VID]
115317 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [KEY][NONCE]
115319 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [KEY][NONCE]
115319 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [ID][HASH][NOTIFY]
115319 Default IPsec_get_keystate: no keystate in ISAKMP SA 00B57C50
Check that the preshared key is correct and that the local ID is correct (see “Advanced” button). You should find
more information in the remote endpoint logs.
5.4 “received remote ID other than expected” error
120348 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [SA][VID]
120349 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [SA][VID]
120349 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [KEY][NONCE]
120351 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [KEY][NONCE]
120351 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [ID][HASH][NOTIFY]
120351 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [ID][HASH][NOTIFY]
120351 Default ike_phase_1_recv_ID: received remote ID other than expected
support@thegreenbow.fr
The “Remote ID” value (see “Advanced” button) does not match what the remote endpoint is expecting.
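The four log signatures in sections 5.1 to 5.4 can be matched automatically. The script below is an added example, not part of TheGreenBow's software or of the original guide: it scans a log in the format shown above and reports, for each error, the guide section, the check the guide recommends, and the last Phase 1 Main Mode step logged before the error. The function name `triage`, the field names and the regular expressions are assumptions derived only from the log lines printed in this section.

```python
import re

# Error signature -> (guide section, check recommended in that section)
SIGNATURES = {
    "PAYLOAD_MALFORMED": ("5.1", "compare Phase 1 encryption algorithms on both sides"),
    "INVALID_COOKIE": ("5.2", "reset the VPN connection on each side"),
    "no keystate in ISAKMP SA": ("5.3", "check the preshared key and the local ID"),
    "received remote ID other than expected": ("5.4", "check the Remote ID value"),
}
LINE = re.compile(r"^(?P<ts>\d{6}) Default (?:\(SA [^)]+\) )?(?P<msg>.+)$")
STEP = re.compile(r"^(SEND|RECV) phase 1 Main Mode ((?:\[\w+\])+)$")
PEER = re.compile(r"dropped message from (\S+) port \d+")

def triage(log_text):
    """Return one finding per error per negotiation, with the last Main Mode step seen."""
    findings, last_step, reported = [], None, set()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a line in the format shown in this guide
        msg = m.group("msg")
        step = STEP.match(msg)
        if step:
            if step.groups() == ("SEND", "[SA][VID]"):
                reported.clear()  # a new Phase 1 negotiation starts here
            last_step = " ".join(step.groups())
            continue
        for sig, (section, check) in SIGNATURES.items():
            if sig in msg and sig not in reported:
                reported.add(sig)  # the same error is logged on several lines
                peer = PEER.search(msg)
                findings.append({"ts": m.group("ts"), "section": section, "check": check,
                                 "last_step": last_step, "peer": peer and peer.group(1)})
    return findings

# Constructed sample: the log lines of sections 5.1 and 5.3, wrapped lines joined.
SAMPLE = """\
114920 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [SA][VID]
114920 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [NOTIFY]
114920 Default exchange_run: exchange_validate failed
114920 Default dropped message from 195.100.205.114 port 500 due to notification type PAYLOAD_MALFORMED
114920 Default SEND Informational [NOTIFY] with PAYLOAD_MALFORMED error
115315 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [SA][VID]
115317 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [SA][VID]
115317 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [KEY][NONCE]
115319 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [KEY][NONCE]
115319 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [ID][HASH][NOTIFY]
115319 Default IPsec_get_keystate: no keystate in ISAKMP SA 00B57C50
"""
```

For the constructed sample, `triage(SAMPLE)` reports section 5.1 with last step `RECV [NOTIFY]` and section 5.3 with last step `SEND [ID][HASH][NOTIFY]`, meaning no reply to the [ID][HASH] message was logged before the error.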