PIX Config - Problem with Telnet

Kevin Love — Fri, 21 Feb 2020 07:08:50 GMT

I know routers and switches quite well, but I'm weak with the PIX OS. Given the config below, can anybody tell me why I can't telnet to the inside interface from a device on the inside network? I get this error: "402106: Rec'd packet not an IPSEC packet"

Here's the config:

PIX Version 5.2(3)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif gb-ethernet0 intf2 security10

nameif gb-ethernet1 intf3 security15

enable password xxxxx

passwd xxxxx

hostname pixfirewall

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

names

pager lines 24

logging on

no logging timestamp

no logging standby

no logging console

no logging monitor

no logging buffered

no logging trap

no logging history

logging facility 20

logging queue 512

interface ethernet0 auto

interface ethernet1 auto

interface gb-ethernet0 1000auto shutdown

interface gb-ethernet1 1000auto shutdown

mtu outside 1500

mtu inside 1500

mtu intf2 1500

mtu intf3 1500

ip address outside 127.0.0.1 255.255.255.255

ip address inside 10.1.1.205 255.255.255.0

ip address intf2 127.0.0.1 255.255.255.255

ip address intf3 127.0.0.1 255.255.255.255

ip audit info action alarm

ip audit attack action alarm

no failover

failover timeout 0:00:00

failover poll 15

failover ip address outside 0.0.0.0

failover ip address inside 0.0.0.0

failover ip address intf2 0.0.0.0

failover ip address intf3 0.0.0.0

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323

0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

no floodguard enable

no sysopt route dnat

isakmp identity hostname

telnet 10.1.1.0 255.255.255.0 inside

telnet timeout 5

ssh timeout 5

terminal width 80

Cryptochecksum:xxxxx

Thanks in advance!

Kevin

Re: PIX Config - Problem with Telnet

jmia — Wed, 10 Dec 2003 08:40:12 GMT

Kevin,

That log ID 402106 relates to the following:

"Log Message %PIX-4-402106: Rec'd packet not an IPSEC packet"

Explanation:-

Received packet matched crypto map ACL, but is not IPSEC-encapsulated. IPSEC Peer is sending unencapsulated packets. This may occur because of a policy setup error on the peer. This may also be a hostile event.

Recommended Action

Contact the peer's administrator to compare policy settings.

Hope this helps and let me know how you get on - Jay.

Re: PIX Config - Problem with Telnet

jackko — Thu, 11 Dec 2003 00:45:43 GMT

upgrade the os may help. 5.2(3) is very old by now.

topic PIX Config - Problem with Telnet in Network Security

PIX Config - Problem with Telnet

Re: PIX Config - Problem with Telnet

Re: PIX Config - Problem with Telnet