Hello,
Please advice me urgently!
Log message received in my Cisco 2821:
*Aug 26 08:42:43.135: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /192.168.1.2, src_addr= 10.0.20.103, prot= 1
*Aug 26 08:43:43.407: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /192.168.1.1, src_addr= 10.0.20.103, prot= 1
VPN Parameter:
Phase1:
encryption: 3des
authentication : pre-share
pre-share key : XXXXXX
hash : md5
group: 2
lifetime: 28800 sec
Phase 2:
pfs: disabled
encryption: 3des
hash: SHA-1
mode : tunnel
peer address: 10.101.0.20
life time: 28800 sec
Cisco 2821 configuration file:
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
crypto isakmp key XXXXXX address 10.101.0.20
!
!
crypto ipsec transform-set my_set esp-3des esp-sha-hmac
!
crypto map MY_MAP 10 ipsec-isakmp
set peer 10.101.0.20
set security-association lifetime seconds 28800
set transform-set my_set
match address VPN_LIST
!
!
!
interface GigabitEthernet0/0
ip address 10.101.0.1 255.255.255.0
duplex auto
speed auto
crypto map MY_MAP
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 10.101.0.20
no ip http server
no ip http secure-server
!
!
!
ip access-list extended VPN_LIST
permit ip 192.168.1.0 0.0.0.255 10.0.20.0 0.0.0.255
Ping from host 10.0.20.103 to host 192.168.1.2 is successful.
But I am not being able to ping reverse!
All the firewall settings and access-lists rule are fine in RV042.
Vpn tunnel is up:
Router#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
10.101.0.1 10.101.0.20 QM_IDLE 1001 ACTIVE
IPv6 Crypto ISAKMP SA
I am now totally stuck because of above log message appearing frequently while trying to ping host.
And also I've tried between two RV042 routers, it was successful.
Currently I am configuring site to site vpn in a hub & spoke topology.
Expecting your kind suggestions!
