Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
User receives the IKE packet from [IP_address] was not encrypted and it should've been error message
The %CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from [IP_address] was not encrypted and it should've been error message results from a portion of the Internet Key Exchange (IKE) being encrypted, and a portion being unencrypted. This message should have been encrypted, but was not.
The recommended action is to contact the remote peer.
Make sure that the Access Control Lists (ACLs) configured for the crypto map are mirror images of each other at opposite VPN endpoints. For example, if you have the access-list command on VPN router A, then VPN router B would need to be configured identically, as shown:
access-list 101 permit ip 10.10.0.0 0.0.0.255 192.168.1.0 0.0.0.255access-list 101 permit ip 10.10.0.0 0.0.0.255 192.168.2.0 0.0.0.255
This output shows how the VPN router B needs to be configured:
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.0.0.255access-list 101 permit ip 192.168.2.0 0.0.0.255 10.10.0.0 0.0.0.255
Note: Do not use the any keyword in crypto access-list commands.
If you still receive the same error message after you have configured the ACLs correctly, capture the VPN debugs on the remote end, and look for error messages there.