%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.
The first issue that I note is that you have applied the crypto map on the tunnel interface as well as on the physical interface. While there are perhaps still some examples that show this they are based on the operation of quite old IOS versions. The code that you are now running expects the crypto map to be applied only on the physical interface. I suggest that you remove the crypto map from the tunnel interfaces. Try that and let us know if the behavior changes.
I have not applied a crypto map to a loopback interface and so can not speak from experience about this. From a syntax perspective I would expect that the commands to apply the crypto map to a loopback interface would be accepted. I am not clear why you would want to do this and not sure how it would work.
In my original response I talked about applying the crypto map on tunnel interface and on physical interface because that is what was being done in the original post. Perhaps it would be beneficial to refine my explanation and talk about applying the crypto map on the exit interface (and take "physical" out of consideration). It is not very important whether the interface is physical or virtual. What is important is that it is the interface through which the packet is forwarded out of the device. So I would expect that the crypto map could be applied successfully on a physical interface, on an SVI, or on a loopback interface, as long as that interface is the interface through which the encrypted packets will be sent.
Remember that what is happening is that IOS examines packets as they are sent out the interface and if a crypto map is applied to that interface then IOS evaluates whether the packet matches the conditions of the crypto map and determines whether the packet should be encrypted or not.
So is your loopback interface the exit interface for encrypted traffic?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :