%PIX-4-402106: Rec'd packet not an IPSEC packet.

Discussion in 'Cisco' started by lfnetworking, Aug 25, 2006.

  1. lfnetworking

    lfnetworking Guest

    515 running 7.2
    Attempting to ssh to inside interface through a cisco vpnclient
    connection. I can successfully ssh to inside interface from a machine on
    the same physical/logical segment.

    pix515# sh ssh
    Timeout: 5 minutes
    Version allowed: 2
    0.0.0.0 0.0.0.0 pix-outside
    0.0.0.0 0.0.0.0 pix-inside

    ................

    Linux vpnclient stat
    Client Type(s): Linux
    Running on: Linux 2.4.21-4.EL #1 Fri Oct 3 18:13:58 EDT 2003 i686
    Config file directory: /etc/opt/cisco-vpnclient

    VPN tunnel information.
    Client address: 192.168.221.2
    Encryption: 168-bit 3-DES
    Authentication: HMAC-SHA
    IP Compression: None
    NAT passthrough is active on port UDP 10000
    Local LAN Access is disabled

    VPN traffic summary.
    Time connected: 0 day(s), 00:27.20
    Bytes in: 260822
    Bytes out: 214704
    Packets encrypted: 2856
    Packets decrypted: 2010
    Packets bypassed: 4046
    Packets discarded: 0

    Configured routes.
    Secured Network Destination Netmask
    192.168.220.0 255.255.255.0

    ........................

    client ssh messages:
    ssh_exchange_identification: read: Connection reset by peer

    pix log message:
    %PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr=
    192.168.220.1, src_addr= 192.168.221.2, prot= TCP
     
    lfnetworking, Aug 25, 2006
    #1

  2. In article <cLIHg.33$>,
    lfnetworking <_bill_@_lfnetworking.com> wrote:
    >515 running 7.2
    >Attempting to ssh to inside interface through a cisco vpnclient
    >connection. I can successfully ssh to inside interface from a machine on
    >the same physical/logical segment.


    I haven't studied 7.x. In 6.x, the only way to ssh from the
    outside through to the inside interface, is to configure a vpn
    as a "management vpn" and come in through that. The "management vpn"
    so created can -only- be used to access the PIX itself; I think it
    uses the other kind of IPSec tunnel (one that is *required* by
    the IPSec specifications not to be used to gateway packets.)
     
    Walter Roberson, Aug 26, 2006
    #2

  3. lfnetworking

    Brian V Guest

    "Walter Roberson" <> wrote in message
    news:K_PHg.461219$iF6.370067@pd7tw2no...
    > In article <cLIHg.33$>,
    > lfnetworking <_bill_@_lfnetworking.com> wrote:
    >>515 running 7.2
    >>Attempting to ssh to inside interface through a cisco vpnclient
    >>connection. I can successfully ssh to inside interface from a machine on
    >>the same physical/logical segment.

    >
    > I haven't studied 7.x. In 6.x, the only way to ssh from the
    > outside through to the inside interface, is to configure a vpn
    > as a "management vpn" and come in through that. The "management vpn"
    > so created can -only- be used to access the PIX itself; I think it
    > uses the other kind of IPSec tunnel (one that is *required* by
    > the IPSec specifications not to be used to gateway packets.)


    try the command "management-access inside"
     
    Brian V, Aug 26, 2006
    #3
  4. lfnetworking

    lfnetworking Guest

    Thanks, Brian!
     
    lfnetworking, Aug 27, 2006
    #4
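
A triage sketch for the syslog message quoted in the first post, added here as an example and not code from any poster or from Cisco: it parses %PIX-4-402106 lines (including the wrapped form shown above) and separates VPN-client traffic aimed at the firewall's own interface address, the situation in this thread, from other sources. The `/24` pool mask, the second and third sample log lines and the verdict labels are assumptions or constructed values.

```python
import ipaddress
import re

# Constructed sample log. The first message copies the one quoted in the first
# post, keeping its line wrap after "dest_addr="; the other lines are invented.
SAMPLE_LOG = """\
%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr=
192.168.220.1, src_addr= 192.168.221.2, prot= TCP
%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 192.168.220.50, src_addr= 192.168.221.2, prot= UDP
%PIX-6-302013: constructed unrelated message, ignored by the parser
"""

# Assumptions: the pool mask is guessed from the client address in the post;
# the firewall address is the dest_addr the post reports for the inside interface.
VPN_POOL = ipaddress.ip_network("192.168.221.0/24")
FIREWALL_ADDRS = {ipaddress.ip_address("192.168.220.1")}

# [^%]*? keeps a match from running into the next message; \s* absorbs line wraps.
MSG_RE = re.compile(
    r"%PIX-4-402106:[^%]*?dest_addr=\s*(?P<dst>[\d.]+),\s*"
    r"src_addr=\s*(?P<src>[\d.]+),\s*prot=\s*(?P<prot>\w+)"
)


def triage(log_text):
    """Return (src, dst, prot, verdict) for each 402106 message in log_text."""
    findings = []
    for m in MSG_RE.finditer(log_text):
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # skip malformed addresses such as 999.1.1.1
        if src in VPN_POOL and dst in FIREWALL_ADDRS:
            verdict = "vpn-client-to-firewall-interface"  # the case in this thread
        elif src in VPN_POOL:
            verdict = "vpn-client-to-protected-host"
        else:
            verdict = "other-source"
        findings.append((str(src), str(dst), m["prot"], verdict))
    return findings


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(*row)
```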