Chapter 5: troubleshooting, Introduction, Tools in case of trouble – Billion Electric Company CO1 User Manual
 
Billion BiGuard VPN Client
Chapter 5: Troubleshooting
Introduction
 
The goal of this section is to help IT managers, system administrators and users who face 
configuration issues on their IPSec VPN network. All information concerning VPN connection 
state, VPN traces and VPN logs can be found in the "Console" window of the BiGuard VPN Client. 
 
 
Tools in case of trouble
 
Configuring an IPSec VPN tunnel can be a hard task. One missing parameter can prevent a 
VPN connection from being established. Some tools are available to find the source of trouble 
while a VPN connection is being established. 
 
A good network analyzer: Ethereal
Ethereal is free software that can be used for packet and traffic analysis. It shows the IP or TCP 
packets received on a network card. This tool is available from the website 
http://www.ethereal.com/.
It can be used to follow the protocol exchange between two devices. For installation and usage 
details, read its own documentation. 
 
 
VPN IPSec Troubleshooting
« PAYLOAD MALFORMED » error (wrong Phase 1 [SA])
114915 Default sysdep_app_open: Init Connection for : Cnx-Cnx-P2 Cnx-remote-addr 
114915 Default sysdep_app_open: IPV4_SUBNET Network 192.168.1.1 
114915 Default sysdep_app_open: IPV4_SUBNET Netmask 255.255.255.0 
114920 Default (SA Cnx-P1) SEND phase 1 Main Mode [SA][VID] 
114920 Default (SA Cnx-P1) RECV phase 1 Main Mode [NOTIFY] 
114920 Default exchange_run: exchange_validate failed 
114920 Default dropped message from 195.100.205.114 port 500 due to notification type PAYLOAD_MALFORMED 
114920 Default SEND Informational [NOTIFY] with PAYLOAD_MALFORMED error 
 
If you have a « PAYLOAD MALFORMED » error, you might have a wrong Phase 1 [SA]. Check 
that the encryption algorithms are the same on each side of the VPN tunnel. 
 
« INVALID COOKIE » error
115933 Default message_recv: invalid cookie(s) 5918ca0c2634288f 7364e3e486e49105 
115933 Default dropped message from 195.100.205.114 port 500 due to notification type INVALID_COOKIE 
115933 Default SEND Informational [NOTIFY] with INVALID_COOKIE error 
 
If you have an « INVALID COOKIE » error, it means that one of the endpoints is using an SA that 
is no longer in use. Reset the VPN connection on each side.
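
The two traces above can be triaged mechanically when a Console log is long. The following Python script is an added example, not part of the Billion manual or the BiGuard software; it assumes each Console entry starts with a six-digit stamp followed by "Default", as in the traces, and its function names are illustrative.

```python
import re

# Advice from this chapter, keyed by the notification type in the log.
ADVICE = {
    "PAYLOAD_MALFORMED": "Possible wrong Phase 1 [SA]: check that the "
                         "encryption algorithms are the same on each side.",
    "INVALID_COOKIE": "An endpoint is using an SA no longer in use: "
                      "reset the VPN connection on each side.",
}
# Assumed entry shape, inferred from the traces: "<6 digits> Default <message>".
ENTRY = re.compile(r"^(\d{6}) Default (.*)$")
DROPPED = re.compile(
    r"dropped message from (\S+) port (\d+) due to notification type (\w+)")

def join_entries(text):
    """Fold wrapped continuation lines back into the entry they belong to."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2).strip()])
        elif line and entries:          # no stamp: continuation of previous entry
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def triage(text):
    """One finding per dropped-message entry, with the chapter's advice."""
    findings = []
    for stamp, msg in join_entries(text):
        m = DROPPED.search(msg)
        if m:
            peer, port, kind = m.group(1), int(m.group(2)), m.group(3)
            findings.append({"stamp": stamp, "peer": peer, "port": port,
                             "type": kind,
                             "advice": ADVICE.get(kind, "Not covered here.")})
    return findings

# Sample input: lines copied from the two traces above, wrapping included.
SAMPLE = """\
114920 Default dropped message from 195.100.205.114 port 500 due to notification
type PAYLOAD_MALFORMED
115933 Default message_recv: invalid cookie(s) 5918ca0c2634288f 7364e3e486e49105
115933 Default dropped message from 195.100.205.114 port 500 due to notification
type INVALID_COOKIE
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["stamp"], f["peer"], f["port"], f["type"], "->", f["advice"])
```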