Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
24209
Views
10
Helpful
1
Comments

User receives the error message "%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.(ip) dest_addr= [IP_address], src_addr= [IP_address], prot= [dec]."

TCC_2
Level 10
Level 10

on ‎06-22-2009 04:05 PM

Core issue

A packet is received that matches the encryption (crypto) map access control list (ACL), but is not IPsec-encapsulated. The IPsec peer sends unencapsulated packets. This condition can be caused by a policy setup error on the peer, or it might be considered a hostile event.

This error message might come up because of several reasons that include:

  • Mismatched crypto access list on two ends

  • Routing misconfiguration

Resolution

Complete these steps to resolve this issue:

1.  Match the access lists with the peer.

2.  Make sure that the same access list is not applied to two or more crypto map entries.

3.  Refrain from using the any any statement in the access list.

4. Check routing.

For more information,refer to IPSec Manual Keying Between Routers Configuration Example and Configuring GRE and IPSec with IPX Routing

Labels:
Comments
shiyamgra
Community Member
‎06-28-2012 03:17 AM

I had the same problem. But I check & verified that Crypto Map had not been applied to the WAN interface in one site

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents