Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
355
Views
0
Helpful
2
Replies

PIX Config - Problem with Telnet

Kevin Love
Level 1
Level 1

‎12-09-2003 04:43 PM - edited ‎02-20-2020 11:08 PM

I know routers and switches quite well, but I'm weak with the PIX OS. Given the config below, can anybody tell me why I can't telnet to the inside interface from a device on the inside network? I get this error: "402106: Rec'd packet not an IPSEC packet"

Here's the config:

PIX Version 5.2(3)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif gb-ethernet0 intf2 security10

nameif gb-ethernet1 intf3 security15

enable password xxxxx

passwd xxxxx

hostname pixfirewall

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

names

pager lines 24

logging on

no logging timestamp

no logging standby

no logging console

no logging monitor

no logging buffered

no logging trap

no logging history

logging facility 20

logging queue 512

interface ethernet0 auto

interface ethernet1 auto

interface gb-ethernet0 1000auto shutdown

interface gb-ethernet1 1000auto shutdown

mtu outside 1500

mtu inside 1500

mtu intf2 1500

mtu intf3 1500

ip address outside 127.0.0.1 255.255.255.255

ip address inside 10.1.1.205 255.255.255.0

ip address intf2 127.0.0.1 255.255.255.255

ip address intf3 127.0.0.1 255.255.255.255

ip audit info action alarm

ip audit attack action alarm

no failover

failover timeout 0:00:00

failover poll 15

failover ip address outside 0.0.0.0

failover ip address inside 0.0.0.0

failover ip address intf2 0.0.0.0

failover ip address intf3 0.0.0.0

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323

0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

no floodguard enable

no sysopt route dnat

isakmp identity hostname

telnet 10.1.1.0 255.255.255.0 inside

telnet timeout 5

ssh timeout 5

terminal width 80

Cryptochecksum:xxxxx

Thanks in advance!

Kevin

0 Helpful
2 Replies 2

jmia
Level 7
Level 7

‎12-10-2003 12:40 AM

Kevin,

That log ID 402106 relates to the following:

"Log Message %PIX-4-402106: Rec'd packet not an IPSEC packet"

Explanation:-

Received packet matched crypto map ACL, but is not IPSEC-encapsulated. IPSEC Peer is sending unencapsulated packets. This may occur because of a policy setup error on the peer. This may also be a hostile event.

Recommended Action

Contact the peer's administrator to compare policy settings.

Hope this helps and let me know how you get on - Jay.

0 Helpful

jackko
Level 7
Level 7

‎12-10-2003 04:45 PM

upgrade the os may help. 5.2(3) is very old by now.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card