Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

CRYPTO-4-RECVD_PKT_NOT_IPSEC

I configured Dual Hub IPSec with preshared keys over GRE Tunnels.

(1-st tunnel to Hub A, 2-nd tunnel to Hub B)

Tunnel to Hub A is up & down to Hub B. How can I fix it?

.

Follwing messages in log on spoke routers

*Mar 3 20:42:03.631: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC p

acket. (ip) vrf/dest_addr= /172.16.0.26, src_addr= 172.16.0.2, prot= 47

Hub A

Crypto Map "ua" 10 ipsec-isakmp

Peer = 172.16.0.26

Extended IP access list 150

access-list 150 permit gre host 172.16.0.50 host 172.16.0.26

Current peer: 172.16.0.58

Security association lifetime: 4608000 kilobytes/3600 seconds

PFS (Y/N): N

Transform sets={ des, }

Interfaces using crypto map ua:

Serial0/0.200

Hub B

Crypto Map "ua" 10 ipsec-isakmp

Peer = 172.16.0.26

Extended IP access list 150

access-list 150 permit gre host 172.16.0.2 host 172.16.0.26

access-list 150 permit gre host 172.16.0.2 host 172.16.0.18

Transform sets={ des, }

Interfaces using crypto map ua:

Serial0/0.200

sh crypto isakmp sa

172.16.0.2 172.16.0.26 QM_IDLE 2 0

sh crypto engine connections active

2 Fa0/0.300 172.16.0.2 set HMAC_MD5+DES_56_CB 0 0

Spoke

Crypto Map "kiev" 10 ipsec-isakmp

Peer = 172.16.0.50

Peer = 172.16.0.2

Extended IP access list 115

access-list 115 permit gre host 172.16.0.26 host 172.16.0.50

access-list 115 permit gre host 172.16.0.26 host 172.16.0.2

Current peer: 172.16.0.50

Security association lifetime: 4608000 kilobytes/3600 seconds

PFS (Y/N): N

Transform sets={

des,

}

Interfaces using crypto map kiev:

FastEthernet0

1 REPLY
Silver

Re: CRYPTO-4-RECVD_PKT_NOT_IPSEC

The issue looks more like an ACL issue. Is it possible to have symmetric ACLs on both routers

Refer to this link for more details

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093c26.shtml

357
Views
0
Helpful
1
Replies
CreatePlease to create content