11-01-2023 01:48 PM
Hello community,
I have an issue while i am trying to configure a Site-to-Site VPN with crypto maps with IPV6.
The topology is uploaded as an attachment.
I noticed that when i apply my crypto map on the outside interfaces on the routers, i get this message:
%CRYPTO-4-RECVD_PKT_NOT_IPSEC_V6: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /FF02::1, src_addr= FE80::C803:3BFF:FED8:1C, prot= 58
The configuration of each router is uploaded also.
In addition, on R3 i can see some error messages regarding ipv6:
1 20:24:32.963: ICMPv6: Sent Unreachable code 3, src=2001:DB8:0:1::2, Dst=2001:DB8:0:1::1
*Nov 1 20:24:32.967: ICMPv6: Sent N-Solicit, src=2001:DB8:0:1::2, Dst=FF02::1:FF00:1
R3#
*Nov 1 20:24:34.055: ICMPv6: Sent N-Solicit, src=2001:DB8:0:1::2, Dst=FF02::1:FF00:1
R3#
*Nov 1 20:24:35.143: ICMPv6: Sent N-Solicit, src=2001:DB8:0:1::2, Dst=FF02::1:FF00:1
The result is that the IPSec tunnel cannot be established.
Any help would be appreciated
Thanks in advance.
11-04-2023 10:13 AM
check this example.
I am weak in IPv6 but I will try as much as I can to help you in this lab.
Thanks A Lot
MHM
11-04-2023 06:35 PM
Hopefully the link @MHM Cisco World provided will help explain it for you but let's clarify some info about what you're trying to do:
- which routers are you trying to create the IPSEC tunnel between? R1 & R2?
- you've provided config for R1 & R2 but not R3?
Are you aware that crypto maps are being deprecated? Latest IOS already doesn't support crypto map on some interfaces and Cisco plan to discontinue support for crypto maps altogether:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-16-8/sec-sec-for-vpns-w-ipsec-xe-16-8-book/sec-cfg-vpn-ipsec.html#GUID-318AA5E9-036B-4CE8-A53E-3E15065F2F01
https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-xe-17/bulletin-c25-744830.html
https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-ipsec/white-paper-c11-744879.html
https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/214728-configure-multi-sa-virtual-tunnel-interf.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide