The error message "%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from [IP_address] was not encrypted and it should've been" results from a portion of the Internet Key Exchange (IKE) being encrypted, and a portion being unencrypted. This message should have been encrypted, but was not.
The recommended action is to contact the remote peer.
Make sure that the Access Control Lists (ACLs) configured for the crypto map are mirror images of each other at opposite VPN endpoints. For example, if VPN router A has these access-list commands, then VPN router B needs the same entries with source and destination swapped:
access-list 101 permit ip 10.10.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 10.10.0.0 0.0.0.255 192.168.2.0 0.0.0.255
This output shows how the VPN router B needs to be configured:
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 10.10.0.0 0.0.0.255
Note: Do not use the any keyword in crypto access-list commands.
If you still receive the same error message after you have configured the ACLs correctly, capture the VPN debugs on the remote end, and look for error messages there.
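The mirror-image requirement and the note about the any keyword can be checked mechanically before the debugs are needed. The following is an added example, not Cisco code: the function names are hypothetical, and it assumes each input contains only the crypto ACL, written in the network/wildcard form shown above.

```python
import re

# Extended ACL form used on this page:
# access-list <id> <action> ip <src> <src-wildcard> <dst> <dst-wildcard>
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+(permit|deny)\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse_crypto_acl(config_text):
    """Return (entries, problems); an entry is (action, src, src_wc, dst, dst_wc)."""
    entries, problems = [], []
    for line in config_text.splitlines():
        line = line.strip()
        if not line.startswith("access-list"):
            continue
        if re.search(r"\bany\b", line):
            problems.append(f"'any' keyword used: {line}")
            continue
        m = ACL_RE.match(line)
        if m is None:
            problems.append(f"unparsed entry: {line}")
            continue
        entries.append(m.groups()[1:])  # drop the ACL id; it may differ per peer
    return entries, problems

def check_mirror(config_a, config_b):
    """List every reason the two crypto ACLs are not mirror images."""
    a, problems_a = parse_crypto_acl(config_a)
    b, problems_b = parse_crypto_acl(config_b)
    problems = [f"A: {p}" for p in problems_a] + [f"B: {p}" for p in problems_b]
    # Swap source and destination of each B entry so it is comparable with A.
    mirrored_b = {(act, dst, dwc, src, swc) for act, src, swc, dst, dwc in b}
    for entry in a:
        if entry not in mirrored_b:
            problems.append("B has no mirror of A entry: " + " ".join(entry))
    for entry in sorted(mirrored_b - set(a)):
        original = entry[:1] + entry[3:] + entry[1:3]  # back to B's orientation
        problems.append("A has no mirror of B entry: " + " ".join(original))
    return problems

# Router A and router B ACLs as given on this page.
ROUTER_A = ("access-list 101 permit ip 10.10.0.0 0.0.0.255 192.168.1.0 0.0.0.255\n"
            "access-list 101 permit ip 10.10.0.0 0.0.0.255 192.168.2.0 0.0.0.255")
ROUTER_B = ("access-list 101 permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.0.0.255\n"
            "access-list 101 permit ip 192.168.2.0 0.0.0.255 10.10.0.0 0.0.0.255")
# Constructed faulty peer config: second entry uses 'any' instead of the mirror.
ROUTER_B_BAD = ("access-list 101 permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.0.0.255\n"
                "access-list 101 permit ip any 10.10.0.0 0.0.0.255")

if __name__ == "__main__":
    for problem in check_mirror(ROUTER_A, ROUTER_B_BAD):
        print(problem)
```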