%PIX-4-402106: Rec'd packet not an IPSEC packet.

Discussion in 'Cisco' started by lfnetworking, Aug 25, 2006.

  1. lfnetworking

    lfnetworking Guest

    515 running 7.2
    Attempting to ssh to inside interface through a cisco vpnclient
    connection. I can successfully ssh to inside interface from a machine on
    the same physical/logical segment.

    pix515# sh ssh
    Timeout: 5 minutes
    Version allowed: 2
    0.0.0.0 0.0.0.0 pix-outside
    0.0.0.0 0.0.0.0 pix-inside

    ................

    Linux vpnclient stat
    Client Type(s): Linux
    Running on: Linux 2.4.21-4.EL #1 Fri Oct 3 18:13:58 EDT 2003 i686
    Config file directory: /etc/opt/cisco-vpnclient

    VPN tunnel information.
    Client address: 192.168.221.2
    Encryption: 168-bit 3-DES
    Authentication: HMAC-SHA
    IP Compression: None
    NAT passthrough is active on port UDP 10000
    Local LAN Access is disabled

    VPN traffic summary.
    Time connected: 0 day(s), 00:27.20
    Bytes in: 260822
    Bytes out: 214704
    Packets encrypted: 2856
    Packets decrypted: 2010
    Packets bypassed: 4046
    Packets discarded: 0

    Configured routes.
    Secured Network Destination Netmask
    192.168.220.0 255.255.255.0

    ........................

    client ssh messages:
    ssh_exchange_identification: read: Connection reset by peer

    pix log message:
    %PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr=
    192.168.220.1, src_addr= 192.168.221.2, prot= TCP
    lfnetworking, Aug 25, 2006
    #1

  2. In article <cLIHg.33$>,
    lfnetworking <_bill_@_lfnetworking.com> wrote:
    >515 running 7.2
    >Attempting to ssh to inside interface through a cisco vpnclient
    >connection. I can successfully ssh to inside interface from a machine on
    >the same physical/logical segment.


    I haven't studied 7.x. In 6.x, the only way to ssh from the
    outside through to the inside interface, is to configure a vpn
    as a "management vpn" and come in through that. The "management vpn"
    so created can -only- be used to access the PIX itself; I think it
    uses the other kind of IPSec tunnel (one that is *required* by
    the IPSec specifications not to be used to gateway packets.)
    Walter Roberson, Aug 26, 2006
    #2

  3. lfnetworking

    Brian V Guest

    "Walter Roberson" <> wrote in message
    news:K_PHg.461219$iF6.370067@pd7tw2no...
    > In article <cLIHg.33$>,
    > lfnetworking <_bill_@_lfnetworking.com> wrote:
    >>515 running 7.2
    >>Attempting to ssh to inside interface through a cisco vpnclient
    >>connection. I can successfully ssh to inside interface from a machine on
    >>the same physical/logical segment.

    >
    > I haven't studied 7.x. In 6.x, the only way to ssh from the
    > outside through to the inside interface, is to configure a vpn
    > as a "management vpn" and come in through that. The "management vpn"
    > so created can -only- be used to access the PIX itself; I think it
    > uses the other kind of IPSec tunnel (one that is *required* by
    > the IPSec specifications not to be used to gateway packets.)


    Try the command "management-access inside"
    Brian V, Aug 26, 2006
    #3
  4. lfnetworking

    lfnetworking Guest

    Thanks Brian!
    lfnetworking, Aug 27, 2006
    #4
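
An added example, not written by anyone in this thread: a small triage script that pulls %PIX-4-402106 events out of syslog text and separates the pattern from the first post (VPN client address to the firewall's own address) from other sources. The firewall address set and the /24 pool are assumptions derived from the addresses shown in the post, and the sample log is constructed.

```python
import ipaddress
import re

# Assumptions based on the thread's output, not on a real configuration:
FIREWALL_ADDRS = {ipaddress.ip_address("192.168.220.1")}  # dest_addr in the post
VPN_POOL = ipaddress.ip_network("192.168.221.0/24")       # assumed around 192.168.221.2

# \s* after each "=" also absorbs the line wrap seen in the pasted log message.
MSG_402106 = re.compile(
    r"%PIX-4-402106: Rec'd packet not an IPSEC packet\.\s*\(\w+\)\s*"
    r"dest_addr=\s*(?P<dst>[\d.]+),\s*src_addr=\s*(?P<src>[\d.]+),\s*prot=\s*(?P<prot>\w+)"
)

def classify(src, dst):
    """Bucket one 402106 event by where it came from and where it was going."""
    try:
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    except ValueError:
        return "unparsable"         # digits and dots that are not an IPv4 address
    if src in VPN_POOL and dst in FIREWALL_ADDRS:
        return "pool-to-firewall"   # the pattern in the original post
    if src in VPN_POOL:
        return "pool-to-other"
    return "non-pool"

def summarize(text):
    """Count 402106 events per bucket in a blob of syslog text."""
    counts = {}
    for m in MSG_402106.finditer(text):
        bucket = classify(m["src"], m["dst"])
        counts[bucket] = counts.get(bucket, 0) + 1
    return counts

# Constructed sample; the first entry keeps the line wrap from the post.
SAMPLE_LOG = """\
%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr=
    192.168.220.1, src_addr= 192.168.221.2, prot= TCP
%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 192.168.220.1, src_addr= 192.168.221.2, prot= TCP
%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 192.168.220.40, src_addr= 192.168.221.9, prot= UDP
%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 192.168.220.1, src_addr= 203.0.113.7, prot= TCP
constructed line that is not a 402106 message
"""

if __name__ == "__main__":
    for bucket, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{bucket}: {n}")
```

A run of "pool-to-firewall" events matches the situation described in the first post; events in the "non-pool" bucket come from addresses outside the assumed client pool and deserve a separate look.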