12-09-2003 04:43 PM - edited 02-20-2020 11:08 PM
I know routers and switches quite well, but I'm weak with the PIX OS. Given the config below, can anybody tell me why I can't telnet to the inside interface from a device on the inside network? I get this error: "402106: Rec'd packet not an IPSEC packet"
Here's the config:
PIX Version 5.2(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif gb-ethernet0 intf2 security10
nameif gb-ethernet1 intf3 security15
enable password xxxxx
passwd xxxxx
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
names
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
no logging buffered
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
interface gb-ethernet0 1000auto shutdown
interface gb-ethernet1 1000auto shutdown
mtu outside 1500
mtu inside 1500
mtu intf2 1500
mtu intf3 1500
ip address outside 127.0.0.1 255.255.255.255
ip address inside 10.1.1.205 255.255.255.0
ip address intf2 127.0.0.1 255.255.255.255
ip address intf3 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address intf2 0.0.0.0
failover ip address intf3 0.0.0.0
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
no sysopt route dnat
isakmp identity hostname
telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:xxxxx
Thanks in advance!
Kevin
12-10-2003 12:40 AM
Kevin,
That log ID 402106 relates to the following:
"Log Message %PIX-4-402106: Rec'd packet not an IPSEC packet"
Explanation:-
Received packet matched crypto map ACL, but is not IPSEC-encapsulated. IPSEC Peer is sending unencapsulated packets. This may occur because of a policy setup error on the peer. This may also be a hostile event.
Recommended Action
Contact the peer's administrator to compare policy settings.
Hope this helps and let me know how you get on - Jay.
12-10-2003 04:45 PM
upgrade the os may help. 5.2(3) is very old by now.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: