CISCO CSR on AWS - %CRYPTO-3-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.

blacksensei
Level 1

Hello Guys,

#show version
Cisco IOS XE Software, Version 16.09.01
Cisco IOS Software [Fuji], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.9.1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Tue 17-Jul-18 16:57 by mcpre

By the way, it looks like the technical support URL is wrong.

I am trying to establish a site-to-site VPN connection between that device and a partner Cisco ASA 5510 (according to the VPN form). Below are my settings:

ip access-list extended aclist_partner_x
  permit ip host 197.xx.xx.249 host 172.21.100.10
  permit ip host 172.21.100.10 host 197.xx.xx.249
exit

crypto keyring keyring_partner_x
  local-address GigabitEthernet1
  pre-shared-key address 197.xx.xx.254 key xxxxxxxxxx
exit

crypto isakmp policy 10
  encryption aes 256
  authentication pre-share
  group 2
  lifetime 28800
  hash sha
exit

crypto isakmp profile profile_partner_x
  local-address GigabitEthernet1
  keyring keyring_partner_x
  match identity address 197.xx.xx.254
exit

crypto ipsec transform-set ESP-AES256-SHA1 esp-aes 256 esp-sha-hmac
  mode tunnel
exit

crypto map map_partner_x 10 ipsec-isakmp
  match address aclist_partner_x
  set peer 197.xx.xx.254
  set transform-set ESP-AES256-SHA1
  set isakmp-profile profile_partner_x
  reverse-route static
  set reverse-route distance 10
exit

interface GigabitEthernet1
  crypto map map_partner_x
exit

crypto isakmp keepalive 10 10 on-demand

#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status

IPv6 Crypto ISAKMP SA

#show ip route
Gateway of last resort is 172.21.0.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 172.21.0.1, GigabitEthernet1
      172.21.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.21.0.0/24 is directly connected, GigabitEthernet1
L        172.21.0.30/32 is directly connected, GigabitEthernet1

#show ip int br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 172.21.0.30 YES DHCP up up
VirtualPortGroup0 192.168.35.101 YES NVRAM up up

When the tunnel wasn't coming up I did a terminal monitor and it looks like below:

Oct  6 14:43:12.871: %IOSXE-3-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000087224457044924 %IPSEC-3-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet, dest_addr= 197.xx.xx.249, src_addr= 172.21.100.10, prot= 1
*Oct  6 14:43:20.221: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: ec2-user] [Source: 41.242.136.40] [localport: 22] at 14:43:20 UTC Sat Oct 6 2018
*Oct  6 14:44:13.353: %IOSXE-3-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000087284938212829 %IPSEC-3-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet, dest_addr= 197.xx.xx.249, src_addr= 172.21.100.10, prot= 1
*Oct  6 14:45:13.836: %IOSXE-3-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000087345419675954 %IPSEC-3-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet, dest_addr= 197.xx.xx.249, src_addr= 172.21.100.10, prot= 1

I am not sure what I have missed or left out. I would be grateful if anyone can point me in the right direction. Been battling with this since Friday 5th October 2018.

Thanks for reading and thanks in advance.

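An added helper, not from the post or from Cisco: it parses the `%IPSEC-3-RECVD_PKT_NOT_IPSEC` syslog lines quoted above and checks each packet's src/dst pair against the post's crypto ACL in the mirrored direction IOS uses for inbound traffic, so you can see which ACE a received cleartext packet hit. The log lines and ACL are copied from the post with the masked `xx` octets kept as written; the protocol-number table is an assumption limited to the common values.

```python
import re

# Constructed copies of two syslog lines from the post (masked "xx" octets kept as written there).
LOG_LINES = [
    "Oct  6 14:43:12.871: %IOSXE-3-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 "
    "TS:00000087224457044924 %IPSEC-3-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet, "
    "dest_addr= 197.xx.xx.249, src_addr= 172.21.100.10, prot= 1",
    "*Oct  6 14:43:20.221: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: ec2-user] "
    "[Source: 41.242.136.40] [localport: 22] at 14:43:20 UTC Sat Oct 6 2018",
]
# The post's crypto ACL aclist_partner_x as (source, destination) host entries, in order.
CRYPTO_ACL = [("197.xx.xx.249", "172.21.100.10"), ("172.21.100.10", "197.xx.xx.249")]
# IP protocol numbers as they appear in the "prot=" field (assumed subset).
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp", 50: "esp", 51: "ah"}
NOT_IPSEC_RE = re.compile(
    r"%IPSEC-3-RECVD_PKT_NOT_IPSEC:.*?dest_addr= (?P<dst>[^,\s]+), "
    r"src_addr= (?P<src>[^,\s]+), prot= (?P<prot>\d+)"
)

def parse_not_ipsec(line):
    """Return (src, dst, protocol_number) for a RECVD_PKT_NOT_IPSEC line, else None."""
    m = NOT_IPSEC_RE.search(line)
    if m is None:
        return None
    return m.group("src"), m.group("dst"), int(m.group("prot"))

def matching_ace(src, dst, acl=CRYPTO_ACL):
    """Index of the first ACE a received packet (src -> dst) hits, or None.
    IOS applies a crypto ACL in reverse to inbound traffic: an ACE written as
    "permit ip host A host B" claims inbound packets from B to A as IPsec-protected."""
    for i, (ace_src, ace_dst) in enumerate(acl):
        if ace_dst in ("any", src) and ace_src in ("any", dst):
            return i
    return None

def analyse(lines, acl=CRYPTO_ACL):
    """One finding per RECVD_PKT_NOT_IPSEC event: addresses, protocol name and ACE hit."""
    findings = []
    for line in lines:
        parsed = parse_not_ipsec(line)
        if parsed is None:
            continue
        src, dst, prot = parsed
        findings.append({"src": src, "dst": dst, "proto": PROTO_NAMES.get(prot, str(prot)),
                         "ace": matching_ace(src, dst, acl)})
    return findings

if __name__ == "__main__":
    for finding in analyse(LOG_LINES):
        print(finding)  # the post's ICMP from 172.21.100.10 hits the mirror of ACE 0
```

For the post's own line it reports the ICMP (prot 1) packet from the local host 172.21.100.10 as hitting the mirror of the first ACE, while the ACL's outbound entry for that host is the second one.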

Hi,

Can you run a debug "debug crypto isakmp" and then attempt to generate some interesting traffic to trigger the VPN tunnel and upload the full output here please?