The %CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from [IP_address] was not encrypted and it should've been error message results from a portion of the Internet Key Exchange (IKE) being encrypted, and a portion being unencrypted. This message should have been encrypted, but was not.
The recommended action is to contact the remote peer.
Make sure that the Access Control Lists (ACLs) configured for the crypto map are mirror images of each other at opposite VPN endpoints. For example, if you have the access-list command on VPN router A, then VPN router B would need to be configured identically, as shown:
access-list 101 permit ip 10.10.0.0 0.0.0.255 192.168.1.0 0.0.0.255access-list 101 permit ip 10.10.0.0 0.0.0.255 192.168.2.0 0.0.0.255
This output shows how the VPN router B needs to be configured:
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.0.0.255access-list 101 permit ip 192.168.2.0 0.0.0.255 10.10.0.0 0.0.0.255
Note: Do not use the any keyword in crypto access-list commands.
If you still receive the same error message after you have configured the ACLs correctly, capture the VPN debugs on the remote end, and look for error messages there.
We are trying to configure Cisco Phones with a VPN to connect to our VPN Cluster. We are using Cisco 8851 phones. We have 2 VPN clusters. One contains 6 ASAs and the other contains 3. Those are in geographically separated data cent...
Hi Team, I am trying to upgrade ISE from v2.4 to 2.7 currenlty and am stuck at an annoying part where I am unable to get upgrade bundle copied over from a Windows Server based SFTP repository to ISE local disk. The port 22 communication is...
Hi,I would like to ask for experts' opinion on how to address the following design scenario: We currently rely on Posture (Anyconnect based) for NAC via ISE for granting endpoint access to our network (per VPN as well as WLC based) based on a given s...
Hi guys,Running ACS v5.8 and created an admin account in the ReadOnlyAdmin role but when they try and login to web gui(https://<ip address>/acsadmin) they get Access Denied. If I make them a SuperUser they get on fine........any ideas for ReadOnlyAd...