ipsec: invalid reply

nwizard · June 22, 2021, 1:22pm

I have the follow setup:
Cisco ASR1001-x - Mikrotik RB750Gr3 IKEv2 IPSec with certificates.
During peers authentication with Cisco certificate I see “IPSec trailing data after last payload @1be” message in Mikrotik IPSec debug following “invalid reply” and “killing ikev2 SA” then.

The crypto ikev2 sa status is ready on Cisco side.
Question is: Have someone met the same error ?

cbka · June 22, 2021, 1:42pm

hi

have u tried enabling ipsec debugging on mikrotik side ?

nwizard · June 22, 2021, 1:46pm

obviously, yes
As this message from Mikrotik side.

cbka · June 22, 2021, 1:47pm

sorry for that .. must have missed that part…

maybe can u post the log output ?