Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.

Hi Everyone.

I was making some changes in  routers and after I rolled back configuration  a gre tunnel won't work. It's GRE Tunnel between a Cisco 7600 and Cisco 2851.

It seems like 7600 sent packets unencrypted.

On C2851 is received this message:

%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.

        (ip) vrf/dest_addr= /10.0.0.10, src_addr= 10.0.0.18, prot= 47

Could you check configuration attached and give any advise.

Thank you.

Everyone's tags (2)
6 REPLIES

%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.

Please change your ACL data type to IP instead of GRE on both ACL below.

ip access-list extended acl_crypto_KS_pronet

permit gre host 10.0.0.18 host 10.0.0.10

ip access-list extended acl_crypto_HO_pronet

permit gre host 10.0.0.10 host 10.0.0.18

your authentication is not pre-share ?

crypto isakmp policy 32

encr aes 192

authentication rsa-encr

group 2

Community Member

%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.

Thank you for you response it doesn't work. I wanted to say that it has worked before and yes it is not preshare.

Community Member

%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.

I went through the configuration and think all required components are in there.

I would say that we should check routing.

Error message means that packet recieved as per local policy should have been a IPSEC encrypted packet however it was a plain text packet.

going further:

* Please check if tunnel is up and share show crypto ipsec sa from either end.

* please check if the packets leaving other end are taking right exit interface and if yes are they encrypted or not. you can check this with the help of ACL (disabling CEF if this is not into production and there is no MPLS link involved).

Cisco Employee

%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.

Your config looks good.

If you're getting unencrypted packets on the 2800. that means something is wrong on the cat7k. Is the peer reached via the crypto connect vlan? Can you check that?

Cheers,

Community Member

%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.

Hi Everybody.

Thank you for taking your time.

I solved the problem by hardware reset to cisco 7600.

I didn't want to do that but like Microsoft and Cisco need a Reload.

Cisco Employee

%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.

Wierd - A reload should never be necessary. Anyway... if it's fixed then it's fixed :-)

5353
Views
5
Helpful
6
Replies
CreatePlease to create content