Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 14 replies
  • Answers 1 answer
  • Subscribers 39 subscribers
  • Views 3704 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

malformed payload in packet. Probable authentication failure (mismatch of preshared secrets?)

Izuchukwu Edeh

I am trying to configure ipsec Site-to-site VPN between the Head and branch offices. The Head office is a Sophos UTM SG 210 configured as the responder (Repond-Only), and the branch Firewall is a Sophos XGS configured as the initiator.

The Head office SG210 firewall had three other site-to-site VPN connections all in respond-Only mode to the SG210

After the configuration was established the following error Log kept showing:

NAT-Traversal: Result using RFC 3947: no NAT detected
#37767: next payload type of ISAKMP Identification Payload has an unknown value: 187
#37767: Preshared secret failed to decrypt message. Trying next one.
#37767: next payload type of ISAKMP Identification Payload has an unknown value: 93
#37767: malformed payload in packet. Probable authentication failure (mismatch of preshared secrets?)
#37767: sending encrypted notification PAYLOAD_MALFORMED to 188.155.89.10:500
#37767: next payload type of ISAKMP Identification Payload has an unknown value: 93
#37767: malformed payload in packet. Probable authentication failure (mismatch of preshared secrets?)
Please I need help with the solution


This thread was automatically locked due to age.
Parents
  • 0

    Hello  ,

    Thank you for reaching out to the community, looks like a policy mismatch, request you to disable data compression, PFS and try again. I'd recommend create a custom policy rather than using any default policy.  And may we know firmware version currently active on SG 210 ? 

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Izuchukwu Edeh

    Hey  the keylife of phase 1 for UTM 9 is 7800 where as on XG it is set to 3600

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Izuchukwu Edeh

    The above pictures are the configurations of the two firewalls. Current firmware version:9.718-5Your firmware is up to date.

    The XGS firewall is an Azure NVA.

  • 0 in reply to Vivek Jagad

    I have set the keylife  phase 1 to 7800 and phase 2 to 3600 on both firewalls but I still get the same error 

     responding to Main Mode from unknown peer 188.xx.xx.10
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: ignoring Vendor ID payload [404bf439522ca3f6]
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: received Vendor ID payload [XAUTH]
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.59.10 #38366: ignoring Vendor ID payload [da8e937880010000]
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.59.10 #38366: received Vendor ID payload [Dead Peer Detection]
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.59.10 #38366: NAT-Traversal: Result using RFC 3947: no NAT detected
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.59.10 #38366: next payload type of ISAKMP Identification Payload has an unknown value: 164
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: Preshared secret failed to decrypt message. Trying next one.
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: next payload type of ISAKMP Identification Payload has an unknown value: 160
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: malformed payload in packet. Probable authentication failure (mismatch of preshared secrets?)
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: sending encrypted notification PAYLOAD_MALFORMED to xx.xx.59.10:500
    2024:01:24-10:16:29 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: next payload type of ISAKMP Identification Payload has an unknown value: 160
    2024:01:24-10:16:29 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: malformed payload in packet. Probable authentication failure (mismatch of preshared secrets?)
    2024:01:24-10:16:29 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: sending encrypted notification PAYLOAD_MALFORMED to xx.xx.59.10:500
    2024:01:24-10:16:41 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: next payload type of ISAKMP Identification Payload has an unknown value: 160
    2024:01:24-10:16:41 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: malformed payload in packet. Probable authentication failure (mismatch of preshared secrets?)
    2024:01:24-10:16:41 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: sending encrypted notification PAYLOAD_MALFORMED to xx.xx.59.10:500
Reply
  • 0 in reply to Vivek Jagad

    I have set the keylife  phase 1 to 7800 and phase 2 to 3600 on both firewalls but I still get the same error 

     responding to Main Mode from unknown peer 188.xx.xx.10
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: ignoring Vendor ID payload [404bf439522ca3f6]
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: received Vendor ID payload [XAUTH]
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.59.10 #38366: ignoring Vendor ID payload [da8e937880010000]
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.59.10 #38366: received Vendor ID payload [Dead Peer Detection]
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.59.10 #38366: NAT-Traversal: Result using RFC 3947: no NAT detected
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.59.10 #38366: next payload type of ISAKMP Identification Payload has an unknown value: 164
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: Preshared secret failed to decrypt message. Trying next one.
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: next payload type of ISAKMP Identification Payload has an unknown value: 160
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: malformed payload in packet. Probable authentication failure (mismatch of preshared secrets?)
    2024:01:24-10:16:24 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: sending encrypted notification PAYLOAD_MALFORMED to xx.xx.59.10:500
    2024:01:24-10:16:29 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: next payload type of ISAKMP Identification Payload has an unknown value: 160
    2024:01:24-10:16:29 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: malformed payload in packet. Probable authentication failure (mismatch of preshared secrets?)
    2024:01:24-10:16:29 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: sending encrypted notification PAYLOAD_MALFORMED to xx.xx.59.10:500
    2024:01:24-10:16:41 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: next payload type of ISAKMP Identification Payload has an unknown value: 160
    2024:01:24-10:16:41 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: malformed payload in packet. Probable authentication failure (mismatch of preshared secrets?)
    2024:01:24-10:16:41 fw01-2 pluto[9147]: "S_Azurecloud"[216] 188.xx.xx.10 #38366: sending encrypted notification PAYLOAD_MALFORMED to xx.xx.59.10:500
Children
Unfiltered HTML