O'Reilly logo

CCIE Security Exam Certification Guide by Henry Benjamin

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Scenario 5-1 Solutions

A1: The following debug output advises the network administrator of the problem:
22:58:55: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 131.108.255.1   failed it
s sanity check or is malformed....

During the IKE negotiation, the router reports a message that identifies the fault as the share password. R2 is configured with the password, CCIe (should match R1's pre-shared password set to CCIE). See example 5-21, and code line 7.

Changing the IKE password to CCIE with the IOS command, crypto isakmp key CCIE address 131.108.255.1, the following debug output confirms the IPSec connections by pinging from R2 Ethernet 0/0 IP address to R1 Ethernet 0/0 IP address:

R2#ping
Protocol [ip]:
Target IP address: 131.108.100.1 Repeat ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required