RE: Need help on VPN problem

From: Tony Schaffran (groupstudy@cconlinelabs.com)
Date: Fri Mar 25 2005 - 18:41:56 GMT-3

If you could provide the config for both sides, someone may be able to spot
the problem.

Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE
 
www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
NGUYEN Trung
Sent: Thursday, March 24, 2005 9:07 PM
To: Cisco certification
Subject: Need help on VPN problem

Hi Group,
I have the problem of connectivity when i'm trying to configure VPN
site-to-site on PIX 515e
The messsages below show "illegal udp len" but i don't really know its
meaning.
Anyone know how to make it work ?

TIA.

N.Trung

=========
pix(config)#sh crypto isakmp sa
Total : 1
Embryonic : 0
        dst src state pending created
 213.113.140.202 200.245.4.11 QM_IDLE 0 0
pix(config)#
ISAKMP (0): beginning Quick Mode exchange, M-ID of 1828927440:6d0337d0
crypto_isakmp_process_block:src:213.113.140.202, dest:200.245.4.11 spt:500
dpt:5
00
ISAKMP (0): processing NOTIFY payload 14 protocol 0
        spi 0, message ID = 1398403888
return status is IKMP_NO_ERR_NO_TRANS
ISAKMP (0): retransmitting phase 2 (1/0)... mess_id 0x3dca3e9e
crypto_isakmp_process_block:src:213.113.140.202, dest:200.245.4.11 spt:500
dpt:5
00
ISAKMP: illegal udp len

crypto_isakmp_process_block:src:213.113.140.202, dest:200.245.4.11 spt:500
dpt:5
00
ISAKMP: illegal udp len

ISAKMP (0): retransmitting phase 2 (0/0)... mess_id 0x6d0337d0
crypto_isakmp_process_block:src:213.113.140.202, dest:200.245.4.11 spt:500
dpt:5
00
ISAKMP: illegal udp len

ISAKMP (0): retransmitting phase 2 (2/0)... mess_id 0x3dca3e9e
crypto_isakmp_process_block:src:213.113.140.202, dest:200.245.4.11 spt:500
dpt:5
00ISAKMP (0): retransmitting phase 2 (1/1)... mess_id 0x8d825ad2
ISAKMP (0): beginning Quick Mode exchange, M-ID of -1855015523:916eb59d
crypto_isakmp_process_block:src:213.113.140.202, dest:200.245.4.11 spt:500
dpt:5
00
ISAKMP: illegal udp len

crypto_isakmp_process_block:src:213.113.140.202, dest:200.245.4.11 spt:500
dpt:5
00
ISAKMP (0): processing NOTIFY payload 14 protocol 0
        spi 0, message ID = 3921451065
return status is IKMP_NO_ERR_NO_TRANS
crypto_isakmp_process_block:src:213.113.140.202, dest:200.245.4.11 spt:500
dpt:5
00
ISAKMP (0): processing DELETE payload. message ID = 2505911899, spi size =
16
ISAKMP (0): deleting SA: src 200.245.4.11, dst 213.113.140.202
return status is IKMP_NO_ERR_NO_TRANS
ISADB: reaper checking SA 0xf52dac, conn_id = 0 DELETE IT!

VPN Peer: ISAKMP: Peer ip:213.113.140.202/500 Ref cnt decremented to:0 Total
VPN
 Peers:1
VPN Peer: ISAKMP: Deleted peer: ip:213.113.140.202/500 Total VPN peers:0

pix(config)# sh crypto isakmp sa
Total : 0
Embryonic : 0
        dst src state pending created
pix(config)#

This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:52 GMT-3