Invalid Message ID 1

Status
Not open for further replies.

achilleus

Thanks in advance for any help you can offer.

We are using NetScreen-25 (5.4.0r6.0 Firewall+VPN). I have configured a VPN connection to one of our VP's Linksys WRVS4400N.

The connection works for a while, but eventually starts producing the following error on the NetScreen log:

IKE<XX.XXX.XX.XX>: Received a notification message for DOI <1> <9> <INVALID-MESSAGE-ID>.

Once this message starts appearing, the connection goes down. It can be reestablished by clicking connect on the Linksys. But it happens again at some point.

Any idea what step I missed in the setup?

Thanks again!

AJ
SA
HS
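
An added example, not part of the original post and not NetScreen tooling: a Python script that parses log lines in the format quoted above, checks the numeric notify type against the ISAKMP names from RFC 2408, and lists peers that repeatedly report INVALID-MESSAGE-ID. The sample log (timestamps, addresses, the Phase 2 line) and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# ISAKMP notify error types, a subset of RFC 2408 section 3.14.1.
NOTIFY_TYPES = {
    4: "INVALID-COOKIE", 7: "INVALID-EXCHANGE-TYPE", 9: "INVALID-MESSAGE-ID",
    11: "INVALID-SPI", 14: "NO-PROPOSAL-CHOSEN", 18: "INVALID-ID-INFORMATION",
}
IPSEC_DOI = 1  # DOI value 1 is the IPsec DOI (RFC 2407)

# Matches the message format quoted in the post; any line prefix is ignored.
LINE_RE = re.compile(
    r"IKE<(?P<peer>[^>]+)>: Received a notification message for DOI "
    r"<(?P<doi>\d+)> <(?P<type>\d+)> <(?P<name>[^>]+)>"
)

def parse_notifications(lines):
    """Yield (peer, doi, type, name, consistent) for each matching line."""
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        doi, ntype = int(m["doi"]), int(m["type"])
        # The logged name should agree with the numeric type for the IPsec DOI.
        consistent = doi == IPSEC_DOI and NOTIFY_TYPES.get(ntype) == m["name"]
        yield m["peer"], doi, ntype, m["name"], consistent

def count_by_peer(lines):
    """Return {peer: Counter({notify_name: count})}."""
    counts = defaultdict(Counter)
    for peer, _doi, _ntype, name, _ok in parse_notifications(lines):
        counts[peer][name] += 1
    return dict(counts)

def peers_over_threshold(lines, name="INVALID-MESSAGE-ID", threshold=3):
    """Peers that logged `name` at least `threshold` times, sorted."""
    counts = count_by_peer(lines)
    return sorted(p for p, c in counts.items() if c[name] >= threshold)

# Constructed sample log: timestamps and addresses are made up (RFC 5737 ranges).
SAMPLE_LOG = [
    "2008-01-10 09:13:40 IKE<192.0.2.10> Phase 2: Initiated negotiations.",
    "2008-01-10 09:14:02 IKE<192.0.2.10>: Received a notification message for DOI <1> <9> <INVALID-MESSAGE-ID>.",
    "2008-01-10 09:14:12 IKE<192.0.2.10>: Received a notification message for DOI <1> <9> <INVALID-MESSAGE-ID>.",
    "2008-01-10 09:14:22 IKE<192.0.2.10>: Received a notification message for DOI <1> <9> <INVALID-MESSAGE-ID>.",
    "2008-01-10 09:20:05 IKE<198.51.100.7>: Received a notification message for DOI <1> <14> <NO-PROPOSAL-CHOSEN>.",
    "2008-01-10 09:21:30 IKE<198.51.100.7>: Received a notification message for DOI <1> <9> <INVALID-MESSAGE-ID>.",
]
```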
 
Hi,

Does the Linksys use a static IP? If not, is the VPN configured for Aggressive mode? Let me know.

Rgds,

John
 
Thanks for the reply Packet7.

The Linksys uses a dynamic IP. The IP hasn't changed in the month or so since we set this up.

The Linksys was set to use aggressive, but the NetScreen (under AutoKey Advanced > Gateway > Remote VPN Gateway Name > Advanced) was set to Main (ID Protection).

I set it to aggressive now. Should that make a difference?

Thanks again!


AJ
SA
HS
 
Also, and I'm not certain if this is the problem...

We set the Remote Gateway up on the NetScreen side as using a Static IP Address, even though it is dynamic. However, the address doesn't seem to change. So I've left it as static instead of using the dynamic setting and Peer ID.



AJ
SA
HS
 
Hi,

I would set this up as aggressive and use the Peer ID. The downside to this approach is that the Linksys must generate the rekey. However, it should become stable. If you had a NetScreen at the remote office, you could configure the re-key option. Not sure if the Linksys has this option.

Rgds,

John
 
Thanks John.

I'll give that a try. It appears that the Linksys does not have any configuration options for re-key.

I find myself wishing I had suggested a Netgear instead. From what I've read, they seem to work better with NetScreen.

Thanks again!

AJ
SA
HS
 
Anytime. I have yet to try this with a Netgear. But have had success with other Netscreens, Cisco PIX and SonicWall.

Rgds,

John
 