CCIE Security Exam Certification Guide

Scenario 5-1 Solutions

A1:

The following debug output advises the network administrator of the problem:

22:58:55: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 131.108.255.1   failed it
s sanity check or is malformed....

During the IKE negotiation, the router reports a message that identifies the fault as the share password. R2 is configured with the password, CCIe (should match R1's pre-shared password set to CCIE). See example 5-21, and code line 7.

Changing the IKE password to CCIE with the IOS command, crypto isakmp key CCIE address 131.108.255.1, the following debug output confirms the IPSec connections by pinging from R2 Ethernet 0/0 IP address to R1 Ethernet 0/0 IP address:

R2#ping
Protocol [ip]:
Target IP address: 131.108.100.1 Repeat ...

Get CCIE Security Exam Certification Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

CCIE Security Exam Certification Guide by Henry Benjamin

Scenario 5-1 Solutions

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly