Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

User receives the error message "%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.(ip) dest_addr= [IP_address], src_addr= [IP_address], prot= [dec]."

Core issue

A packet is received that matches the encryption (crypto) map access control list (ACL), but is not IPsec-encapsulated. The IPsec peer sends unencapsulated packets. This condition can be caused by a policy setup error on the peer, or it might be considered a hostile event.

This error message might come up because of several reasons that include:

  • Mismatched crypto access list on two ends

  • Routing misconfiguration

Resolution

Complete these steps to resolve this issue:

1.  Match the access lists with the peer.

2.  Make sure that the same access list is not applied to two or more crypto map entries.

3.  Refrain from using the any any statement in the access list.

4. Check routing.

For more information,refer to IPSec Manual Keying Between Routers Configuration Example and Configuring GRE and IPSec with IPX Routing

Comments
Community Member

I had the same problem. But I check & verified that Crypto Map had not been applied to the WAN interface in one site

22600
Views
10
Helpful
1
Comments