packet (5) shorter than isakmp header size. - LINUX Clients

Hi Mystique,

I really forgot this thread...I gave up, but now when I saw your answer I'm back again with this issue:

> tail follow yes mp-log ikemgr.log

2014-11-06 16:50:19 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=18c085e04b4db9a9 3ffcba454d505765 (size=16).

2014-11-06 16:50:27 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:50:50 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:50:53 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:51:07 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:51:27 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:51:30 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:52:28 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:52:31 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:52:47 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:53:27 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:53:34 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:53:36 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:53:52 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:08 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:15 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:27 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:28 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:37 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:38 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:47 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:56 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:54:56 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=b37c7eed6e74ad9e e5ceed8c5d35b1ca (size=16).

2014-11-06 16:54:56 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:55:07 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:55:18 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=18c085e04b4db9a9 3ffcba454d505765 (size=16).

2014-11-06 16:55:27 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:55:31 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:56:09 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:56:15 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:56:35 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:56:50 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:56:55 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:57:07 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:57:07 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:57:28 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:57:36 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:57:37 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:57:47 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:57:57 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:58:07 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:58:15 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:58:27 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:58:28 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:58:54 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:58:58 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:59:07 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:59:08 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:59:16 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:59:28 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:59:47 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:59:57 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:59:57 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 16:59:57 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=b37c7eed6e74ad9e e5ceed8c5d35b1ca (size=16).

2014-11-06 17:00:15 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 17:00:18 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=18c085e04b4db9a9 3ffcba454d505765 (size=16).

2014-11-06 17:00:27 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 17:00:37 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 17:00:47 [PROTO_ERR]: packet (5) shorter than isakmp header size.

2014-11-06 17:00:56 [PROTO_ERR]: packet (5) shorter than isakmp header size.

Thanks!!!!!

Esteban

Hello Esteban,

Could you take a packet capture on the PAN firewall to verify the ISAKMP header size.

Thanks

Hi HULK,

Sure I can. What kind of filters do you recomend to get this info?

Thanks!

Esteban

I see the same errors on my firewall with vpnc Linux clients connecting. Have you come up with a solution yet? I'm currently running 6.0.7

The "packet (5) shorter than isakmp header size." messages are generated by those ISAKMP messages of length 47.

These are VPNC NAT Keep Alive messages, and are sent every 10 seconds by each VPNC connected client.

A workaround would be to turn off NAT Keep Alives for VPNC, though I have not found a way to do this.

The solution would be to have the ability to suppress these alerts on the logs. For this, an FR needs to be filed.

Please contact your Palo Alto Networks SE to have an FR filed.

If you didn't know who the SE for your account was, please contact your sales representative, or Support, to assist you in finding the correct SE for your account.