Hash Payload Incorrect on Log Viewer in NetScreen-Remote (KB ID: KB6258)
| Article ID: | KB6258 |
|---|---|
| Former Article ID: | nskb429 |
| Published: | Apr 26, 2008 |
| Last Modified: | Apr 26, 2008 |
| Visible By: | Employee, PTAC, Partner, Customer, Public |
Back to Previous Page | Knowledge Base Home
Article URL
Synopsis
Hash Payload Incorrect on Log Viewer in NetScreen-Remote
Problem
Environment
- IKE Phase 1 fails and VPN does not connect
- Pre-shared key entered on NetScreen-Remote with more than 32 characters
- Hash payload incorrect on log viewer in NetScreen-Remote
- IKE Phase 1 fails, and VPN does not connect
- Unable to connect to My Connections\New Connection. Please check log for further details.
- IKE
<1.1.1.1>Receive INFO pkt with message id before phase 1 auth is done.
Ingore the pkt
Solution
"Hash Payload incorrect" message in the log viewer in NetScreen-Remote (NSR) usually indicates a mismatch on the pre-shared secret between NetScreen-Remote and the Firewall. There are few possible causes for this:
- Typo on the pre-shared secret. Re-enter the pre-shared secret on NSR and the firewall.
OR - Firewall pre-shared key only supports up to 32 characters. Reduce the pre-shared key length to 32 or less.
OR - Pre-shared key on the Firewall side has Pre-shared Key "Use as Seed". De-select the "Use as Seed" option.
Additional Information:
If you look at the configuration file, and see the "seed-preshare" in the "set ike gateway" line, this is using the "Use as Seed" option. The resolution is to change this to preshare.
Category Description
By Product » Hardware » Firewalls » NetScreen Firewall/IPSec VPN
By Product » Software » Network Operating Systems » ScreenOS Software
By Product » Software » VPN Clients
Purpose
Troubleshooting