Anonymous

Ike Negotiation

Getting the following error "CRYPTO_IKE.NEGOTIATION peer XXXXXXXX: InLength differs from IsakmpHdr field length 260 != 0 !"

Don't know what the other side is. Both sides seem to be configured the same. Don't know why I'm seeing !3DES and DES message as part of main mode 5th message.

2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION <POLICY: 10> PAYLOADS: ID,HASH

2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION   ID PAYLOAD

2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION     IANA No. for identifn: 1 -> ID_IPV4_ADDR

2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION     Protocol Id: 0

2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION     Port: 0

2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION     Id Data: XXXXXXX

2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION   HASH PAYLOAD

2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION InitialiseCipherContext :: !DES and ! 3DES

2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION 10: Sent fifth message of main mode

2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION IkeStartNegotiation: Already in process of negotiation

2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION peer 199.73.49.2: Received informational exchange message

2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION InitialiseCipherContext :: Not DES and Not 3DES

2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION IkeIsakmpGenHdrNtoH : Length field of 4294957034 exceeds max buffer size

2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION IkePacketLog: IkeIsakmpGenHdrNtoH failed

2014.11.03 17:59:39 CRYPTO_IKE.NEGOTIATION decode error


Re: Ike Negotiation

Have you tried enabling NAT-T on one or both sides?

On the NetVanta, go to IKE Configuration/NAT Translation and set it to "Allow V1" and "Force V2" to see if this gets you to Quick Mode stage.

--

Regards,

MIck