05-16-2017 04:18 AM - edited 02-21-2020 09:17 PM
Hi,
when I configured GRE over IPsec (with crypto profile), I got this error when I enabled keepalive on the GRE tunnel,
*May 16 13:19:02.399: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /10.0.7.7, src_addr= 10.0.1.1, prot= 47
basically, this syslog message appeared on the router which keepalive under GRE tunnel was configured,
when I configured keepalive on both sides to be equal, it did not solve the problem, I had to insert no keepalive on both sides, and then only the tunnel came up:
interface Tunnel17
no keepalive
I used the same configuration with crypto map, and did not face this issue, I have modified the keepalive on the tunnel to even be different from each other, and the tunnel worked fine,
is there any reason of this happens !?
05-16-2017 06:59 PM
Hi mohammed hashim,
The following link explains really well the difference between using a crypto map and using tunnel protection when using GRE/IPsec tunnels with keepalives:
http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/118370-technote-gre-00.html#anc7
Hope this info helps!!
Rate if helps you!!
-JP-
03-29-2020 06:54 AM - edited 03-29-2020 06:54 AM
Thank you for this! I had this exact issue and was pulling my hair out for ages. In my case I couldn't get a GRE tunnel to establish when using crypto map and IPsec profile, or IPsec profile to IPsec profile.. Crypto map to Crypto Map was fine.
Disabling keepalives on the GRE tunnel interface resolved the issue. This is explained on the above link in 2 of the scenarios and the fixes are in the workaround section.
06-14-2020 05:29 AM
This was very help full for me. The current ENCOR book does not mention the keepalive issue !!!
05-17-2017 06:31 PM
I have seen this issue before and it was a software bug.
I recommend upgrading to the latest gold star release for your platform.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide