04-13-2005 06:56 AM - edited 02-21-2020 01:43 PM
I receive the following message when trying to bring up the tunnel. ISAKMP: error, msg not encrypted. I have found no information on the Cisco website. Attached is the complete debug.
04-13-2005 12:58 PM
Hello,
The error occured for a packet from 10.48.32.125 (local) to 10.50.127.253 (remote).
The IPSec SA doesn't identify this as interesting traffic. The IPSec SA established:
local_proxy= 0.0.0.0/0.0.0.0/1/0 (type=4),
remote_proxy= 149.x.x.18/255.255.255.255/1/0 (type=1)
That is, only traffic from 0.0.0.0 (local, that is any host) to 149.x.x.18 (remote, one host) will be encrypted by IPSec.
If you need this traffic to be encrypted, the crypto acl should be modified, e.g adding this line:
access-list
And at the same time, the crypto acl has to be modified on the Nortel side to mirror image the pix acl.
HTH,
Mustafa
04-14-2005 05:51 AM
I have other tunnels and the peer address is not in the access-list and they work fine.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide