[c-nsp] ISAKMP: illegal udp len

Andriy Malyuk a.v.malyuk at gmail.com
Wed Jun 25 13:38:00 EDT 2008


Hello Cisco Community,
I'm having a weird problem with Site-to-Site VPN between two PIX 506e
devices and most likely because one of them is behind NAT.
Here is the relevant config snippet (security sensitive info is obscured):

access-list outside_vpn_acl permit ip x.x.x.x 255.255.0.0 y.y.y.y 255.255.0.0
access-list inside_outbound_no_nat permit ip x.x.x.x 255.255.0.0 y.y.y.y 255.255.0.0
crypto ipsec transform-set strong esp-3des esp-sha-hmac
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_no_nat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
sysopt connection permit-ipsec
isakmp nat-traversal 60
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
isakmp key **************** address z.z.z.z netmask 255.255.255.255 no-xauth
crypto map cm_outside 35 ipsec-isakmp
crypto map cm_outside 35 match address outside_vpn_acl
crypto map cm_outside 35 set peer z.z.z.z
crypto map cm_outside 35 set transform-set strong
crypto map cm_outside interface outside

The PIX on the other end (behind NAT) is configured the same way, with the peer and ACL differences respected.

And here is what I get when debugging isakmp on my device:

ISAKMP msg received
crypto_isakmp_process_block:src:z.z.z.z, dest:<my outside ip> spt:63887 dpt:4500
ISAKMP: illegal udp len

SESSION_IDLE_TIMER

ISAKMP msg received
crypto_isakmp_process_block:z.z.z.z, dest:<my outside ip> spt:64849 dpt:4500
ISAKMP: illegal udp len

I'm getting frustrated, as hours of searching the Internet for a solution
have yielded no results, so any help with this is very much appreciated.

Thanks in advance,
Andriy
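For readers trying to make sense of the "illegal udp len" debug line above: the peer is sending to UDP port 4500, which is the IKE NAT-Traversal port, so the datagrams carry the RFC 3948 framing (a 4-byte non-ESP marker before an ISAKMP message, a raw SPI for UDP-encapsulated ESP, or a single 0xFF byte as a NAT keepalive) and the ISAKMP header from RFC 2408, whose Length field states the total message size. The following is an added example (not the poster's configuration or Cisco's code) that classifies captured UDP/4500 payloads and flags the one inconsistency a length sanity check would catch: a Length field that does not match the bytes actually received, as happens when a NAT device or path rewrites or truncates the datagram. Treating that mismatch as an "illegal length" is this example's assumption about what such a check looks like, not a statement of the PIX's own logic; all sample datagrams are constructed.

```python
"""Sanity-check UDP/4500 (IKE NAT-T) datagram payloads.

Constructed example. Framing follows RFC 3948 (non-ESP marker, UDP-encapsulated
ESP, NAT keepalive) and the ISAKMP header follows RFC 2408 section 3.1. The
"illegal udp len" verdict is an assumption about what a length sanity check
would report; it is not the PIX's actual implementation.
"""
import struct

# RFC 3948: IKE messages on port 4500 are prefixed with four zero bytes so a
# receiver can tell them apart from UDP-encapsulated ESP (whose SPI is non-zero).
NON_ESP_MARKER = b"\x00\x00\x00\x00"
NAT_KEEPALIVE = b"\xff"

# RFC 2408 ISAKMP header: I-cookie(8) R-cookie(8) next payload(1) version(1)
# exchange type(1) flags(1) message id(4) length(4) = 28 bytes.
ISAKMP_HDR_FMT = "!8s8sBBBBII"
ISAKMP_HDR_LEN = struct.calcsize(ISAKMP_HDR_FMT)  # 28


def build_isakmp(length_field, body=b"", version=0x10, exchange=2):
    """Build a marker-prefixed IKEv1 datagram with an explicit Length field.

    Constructed test data: version 0x10 is IKEv1 (major 1, minor 0) and
    exchange type 2 is Identity Protection (main mode). The Length field is
    taken verbatim so callers can deliberately create an inconsistent message.
    """
    hdr = struct.pack(ISAKMP_HDR_FMT, b"\x11" * 8, b"\x00" * 8,
                      0, version, exchange, 0, 0, length_field)
    return NON_ESP_MARKER + hdr + body


def classify_nat_t(payload):
    """Describe one UDP/4500 payload and report whether its framing is consistent."""
    if payload == NAT_KEEPALIVE:
        return {"kind": "nat-keepalive", "ok": True}

    if not payload.startswith(NON_ESP_MARKER):
        # UDP-encapsulated ESP: SPI (4 bytes) then sequence number (4 bytes).
        # A zero SPI is reserved precisely so it cannot collide with the marker.
        spi = struct.unpack("!I", payload[:4])[0] if len(payload) >= 4 else None
        return {"kind": "esp", "ok": len(payload) >= 8, "spi": spi}

    msg = payload[len(NON_ESP_MARKER):]
    if len(msg) < ISAKMP_HDR_LEN:
        return {"kind": "isakmp", "ok": False, "reason": "truncated ISAKMP header",
                "actual": len(msg)}

    (_icookie, _rcookie, _next_payload, version, exchange,
     _flags, _msg_id, length) = struct.unpack(ISAKMP_HDR_FMT, msg[:ISAKMP_HDR_LEN])

    # The Length field counts the whole ISAKMP message including its header,
    # so after stripping the marker it must equal what the datagram carries.
    if length != len(msg):
        return {"kind": "isakmp", "ok": False, "reason": "illegal udp len",
                "length_field": length, "actual": len(msg)}

    return {"kind": "isakmp", "ok": True, "version": version,
            "exchange": exchange, "length": length}


if __name__ == "__main__":
    samples = {
        "consistent main-mode msg": build_isakmp(ISAKMP_HDR_LEN + 8, b"\x00" * 8),
        "length field says 60, got 28": build_isakmp(60),
        "keepalive": NAT_KEEPALIVE,
        "udp-encapsulated esp": b"\x12\x34\xab\xcd" + b"\x00\x00\x00\x01" + b"\x00" * 16,
    }
    for name, data in samples.items():
        print(f"{name:32s} -> {classify_nat_t(data)}")
```

Run against a capture taken on the outside interface (for example with `capture` on the PIX or tcpdump in front of it), the "length_field" and "actual" values in a failing verdict tell you whether the datagram arrived shorter or longer than the sender claimed, which narrows the problem to the NAT device in the path rather than to the IKE policy on either PIX.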

