
Connection problem of IP-Sec VPN between Cisco router and checkpoint R80.10 version

Naive
Level 1

Hello Guys,

I am unable to contact the Cisco router and firewall. Getting error: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /160.1.1.1, src_addr= 150.1.1.1, prot= 1.

I saw that packets are not getting decrypted...

Below is the ISAKMP and IPSEC configuration:


vIOS-PK-02#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
136.1.122.2     136.1.122.12    QM_IDLE           1009 ACTIVE

 

vIOS-PK-02#show crypto ipsec sa
interface: GigabitEthernet0/0
    Crypto map tag: vpn_map, local addr 136.1.122.2
   protected vrf: (none)
   local  ident (addr/mask/prot/port): (160.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (150.1.1.0/255.255.255.0/0/0)
   current_peer 136.1.122.12 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0
     local crypto endpt.: 136.1.122.2, remote crypto endpt.: 136.1.122.12
     plaintext mtu 1446, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     current outbound spi: 0x3019AB24(806988580)
     PFS (Y/N): N, DH group: none
     inbound esp sas:
      spi: 0xAAE08B57(2866842455)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        conn id: 13, flow_id: SW:13, sibling_flags 80004040, crypto map: vpn_map
        sa timing: remaining key lifetime (k/sec): (4358849/2907)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE(ACTIVE)
     inbound ah sas:
     inbound pcp sas:
     outbound esp sas:
      spi: 0x3019AB24(806988580)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        conn id: 14, flow_id: SW:14, sibling_flags 80004040, crypto map: vpn_map
        sa timing: remaining key lifetime (k/sec): (4358848/2907)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE(ACTIVE)
     outbound ah sas:
     outbound pcp sas:

 

2 Replies

marce1000
VIP

 

 - Check this document for guidelines on how to configure a VPN between the router and Check Point:

       https://www.cisco.com/c/en/us/support/docs/security/ios-easy-vpn/23784-ipsec-checkpt.html

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

@Naive it looks like your router is encrypting the traffic...

 

#pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

 

...but nothing is being decrypted.

 

Can you check the configuration of the remote CheckPoint firewall and confirm they are not unintentionally NATting the traffic?

 

HTH
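
The counter check from the reply above, automated as an added example (not part of the original thread and not written by any of the posters): a Python parser for `show crypto ipsec sa` output that flags SAs where encaps increments while decaps stays at zero. The function names `parse_ipsec_sa` and `classify` are hypothetical; the sample lines are copied from the output in the original post.

```python
import re

# Sample: lines copied from the `show crypto ipsec sa` output in the original post.
SAMPLE = """\
   local  ident (addr/mask/prot/port): (160.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (150.1.1.0/255.255.255.0/0/0)
   current_peer 136.1.122.12 port 500
    #pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #send errors 0, #recv errors 0
"""

IDENT = re.compile(r"^\s*(local|remote)\s+ident\b.*:\s*\(([\d.]+)/([\d.]+)/")
PEER = re.compile(r"^\s*current_peer\s+(\S+)")
COUNTER = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")
ERRORS = re.compile(r"#send errors (\d+), #recv errors (\d+)")

def parse_ipsec_sa(text):
    """Return one dict per proxy-identity pair found in the command output."""
    flows, cur = [], None
    for line in text.splitlines():
        m = IDENT.match(line)
        if m and m.group(1) == "local":      # a 'local ident' line opens a new block
            cur = {"local": f"{m.group(2)}/{m.group(3)}", "remote": None, "peer": None,
                   "encaps": 0, "decaps": 0, "send_errors": 0, "recv_errors": 0}
            flows.append(cur)
            continue
        if cur is None:                      # skip header lines before the first block
            continue
        if m:
            cur["remote"] = f"{m.group(2)}/{m.group(3)}"
        elif (p := PEER.match(line)):
            cur["peer"] = p.group(1)
        elif (e := ERRORS.search(line)):
            cur["send_errors"], cur["recv_errors"] = int(e.group(1)), int(e.group(2))
        else:
            for name, value in COUNTER.findall(line):
                cur[name] = int(value)
    return flows

def classify(flow):
    """Label traffic direction from the encaps/decaps counters."""
    enc, dec = flow["encaps"], flow["decaps"]
    if enc and not dec:
        return "outbound-only"   # router encrypts, nothing decrypted: check the peer side
    if dec and not enc:
        return "inbound-only"    # peer's traffic arrives, local traffic never hits the SA
    return "bidirectional" if enc else "idle"

if __name__ == "__main__":
    for f in parse_ipsec_sa(SAMPLE):
        print(f"{f['local']} -> {f['remote']} via {f['peer']}: "
              f"encaps={f['encaps']} decaps={f['decaps']} => {classify(f)}")
```

An `outbound-only` result alongside the `%CRYPTO-4-RECVD_PKT_NOT_IPSEC` log means return traffic for the protected subnets is reaching the router outside the tunnel, which is consistent with the suggestion to check NAT on the remote firewall.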