02-03-2011 10:51 AM
I am having issues bringing up a tunnel between a cisco 861 router and Cisco 2851 router. Tunnel has been dropping every week atleast once or twice. Usually router reboot fixes it but today it is just not coming back up.
I have updated the IOS on the remote, reloaded the config still no use. It seems like it is partially coming up but I see the following two messages on the main router:
1- Death by retransmission P1
2- 11:03:03.789: %CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 12.234.109.169 was not encrypted and it should've been
I have checked the config on both routers it is the same as the VPN was up and we didn't make any changes on either of the two routers.
02-03-2011 10:59 AM
Hi,
I've seen this error %CRYPTO-6-IKMP_NOT_ENCRYPTED when the interesting traffic does not match on both ends.
The router is receiving a packet that should have been encrypted (according to its own policies), but was received unencrypted by the peer.
A mismatch on interesting traffic might still allow the tunnel to work, but as well might cause some problems, you might want to check the ACLs on both ends to make sure is a mirror.
Federico.
02-23-2011 01:05 PM
Yes ACL's on both sides match they only have 3 lines in there and they exactly match.
02-23-2011 01:13 PM
That's weird because the router is reporting otherwise.
Could you share your configurations?
Federico.
02-23-2011 01:15 PM
I know, but if I reboot the router at the remote end it will come back up. I'll see if I can post the configurations here.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide