packet (5) shorter than isakmp header size. - LINUX Clients

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

packet (5) shorter than isakmp header size. - LINUX Clients

L1 Bithead

Hi,

We configured remote vpn access in our PA-3020, and we are experiencing some issues with Linux clients. People who are using Global-Protect client work fine, but people who use vpnc client suffer service disruption in SSH or using GIT repositories.

The logs that we have in the system shows this:

  'packet (5) shorter than isakmp header size.'

isakmp-error.PNG.png

Does anyone know about this issue and how could we fix it?

Thank you in advance,

Esteban

8 REPLIES 8

L1 Bithead

Hi,

we have the same informational logs. Our configuration is very similar, clients using vpnc clients for connecting trough a tunnel with a PA5050, PANOS 5.0.8, we are near of upgrade to PANOS 6-03, we will see if if the problem persist.

Thank you.

Carlos.

L2 Linker

Hello ecardona,


The ISAKMP header is supposed to be 28 bytes, so I think this message is saying that a header received is smaller than 28 bytes.

'packet (5) shorter than isakmp header size.'

Please share output of below command when you are trying to connect via VPNC client

> tail follow yes mp-log ikemgr.log

Thanks.

Hi Mystique,

I really forgot this thread...I gave up, but now when I saw your answer I'm back again with this issue:

> tail follow yes mp-log ikemgr.log

2014-11-06 16:50:19 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=18c085e04b4db9a9 3ffcba454d505765 (size=16).

2014-11-06 16:50:27 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:50:50 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:50:53 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:51:07 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:51:27 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:51:30 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:52:28 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:52:31 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:52:47 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:53:27 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:53:34 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:53:36 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:53:52 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:08 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:15 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:27 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:28 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:37 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:38 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:47 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:56 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:56 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=b37c7eed6e74ad9e e5ceed8c5d35b1ca (size=16).

2014-11-06 16:54:56 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:55:07 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:55:18 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=18c085e04b4db9a9 3ffcba454d505765 (size=16).

2014-11-06 16:55:27 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:55:31 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:56:09 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:56:15 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:56:35 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:56:50 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:56:55 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:57:07 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:57:07 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:57:28 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:57:36 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:57:37 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:57:47 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:57:57 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:58:07 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:58:15 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:58:27 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:58:28 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:58:54 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:58:58 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:59:07 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:59:08 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:59:16 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:59:28 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:59:47 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:59:57 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:59:57 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:59:57 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=b37c7eed6e74ad9e e5ceed8c5d35b1ca (size=16).

2014-11-06 17:00:15 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 17:00:18 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=18c085e04b4db9a9 3ffcba454d505765 (size=16).

2014-11-06 17:00:27 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 17:00:37 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 17:00:47 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 17:00:56 [PROTO_ERR]: packet (5) shorter than isakmp header size.

Thanks!!!!!

Esteban

Hello Esteban,

Could you take a packet capture on the PAN firewall to verify the ISAKMP header size.

Thanks

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!