The %CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from [IP_address] was not encrypted and it should've been error message results from a portion of the Internet Key Exchange (IKE) being encrypted, and a portion being unencrypted. This message should have been encrypted, but was not.
The recommended action is to contact the remote peer.
Make sure that the Access Control Lists (ACLs) configured for the crypto map are mirror images of each other at opposite VPN endpoints. For example, if you have the access-list command on VPN router A, then VPN router B would need to be configured identically, as shown:
access-list 101 permit ip 10.10.0.0 0.0.0.255 192.168.1.0 0.0.0.255access-list 101 permit ip 10.10.0.0 0.0.0.255 192.168.2.0 0.0.0.255
This output shows how the VPN router B needs to be configured:
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.0.0.255access-list 101 permit ip 192.168.2.0 0.0.0.255 10.10.0.0 0.0.0.255
Note: Do not use the any keyword in crypto access-list commands.
If you still receive the same error message after you have configured the ACLs correctly, capture the VPN debugs on the remote end, and look for error messages there.
Hi AllAfter installing the new Firewall- Cisco Adaptive Security Appliance Software Version 9.15(1) and installing VPN AnyConnect and I have IPCom to remote user we still getting traffic voice problems. The call can be completed, but there is no voice tra...
Hello, Trying to install IPS on C1100 platform been having no such luck, Guides are for 4K series ISR, unable to find an OVA for c1100, there is a TAR file but no OVA on it, also no such luck in following IOx guide not sure if I'm doing it correctly....
We've deployed FTD HA managed by FMC in our DC and it was running normal until the secondary FTD state become disabled itself a few days ago.We've no idea why the secondary FTD went disabled by itself but we planned to work with TAC while applying for DC ...