×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

CRYPTO-4-RECVD_PKT_NOT_IPSEC

Unanswered Question
Nov 21st, 2005
User Badges:

I configured Dual Hub IPSec with preshared keys over GRE Tunnels.

(1-st tunnel to Hub A, 2-nd tunnel to Hub B)


Tunnel to Hub A is up & down to Hub B. How can I fix it?


.

Follwing messages in log on spoke routers


*Mar 3 20:42:03.631: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC p

acket. (ip) vrf/dest_addr= /172.16.0.26, src_addr= 172.16.0.2, prot= 47


Hub A


Crypto Map "ua" 10 ipsec-isakmp

Peer = 172.16.0.26

Extended IP access list 150

access-list 150 permit gre host 172.16.0.50 host 172.16.0.26

Current peer: 172.16.0.58

Security association lifetime: 4608000 kilobytes/3600 seconds

PFS (Y/N): N

Transform sets={ des, }

Interfaces using crypto map ua:

Serial0/0.200


Hub B

Crypto Map "ua" 10 ipsec-isakmp

Peer = 172.16.0.26

Extended IP access list 150

access-list 150 permit gre host 172.16.0.2 host 172.16.0.26

access-list 150 permit gre host 172.16.0.2 host 172.16.0.18

Transform sets={ des, }

Interfaces using crypto map ua:

Serial0/0.200


sh crypto isakmp sa

172.16.0.2 172.16.0.26 QM_IDLE 2 0


sh crypto engine connections active

2 Fa0/0.300 172.16.0.2 set HMAC_MD5+DES_56_CB 0 0



Spoke


Crypto Map "kiev" 10 ipsec-isakmp

Peer = 172.16.0.50

Peer = 172.16.0.2

Extended IP access list 115

access-list 115 permit gre host 172.16.0.26 host 172.16.0.50

access-list 115 permit gre host 172.16.0.26 host 172.16.0.2

Current peer: 172.16.0.50

Security association lifetime: 4608000 kilobytes/3600 seconds

PFS (Y/N): N

Transform sets={

des,

}

Interfaces using crypto map kiev:

FastEthernet0



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion