%PIX-4-402106: Rec'd packet not an IPSEC packet.

Discussion in 'Cisco' started by lfnetworking, Aug 25, 2006.

  1. lfnetworking

    lfnetworking Guest

    515 running 7.2
    Attempting to ssh to inside interface through a cisco vpnclient
    connection. I can successfully ssh to inside interface from a machine on
    the same physical/logical segment.

    pix515# sh ssh
    Timeout: 5 minutes
    Version allowed: 2 pix-outside pix-inside


    Linux vpnclient stat
    Client Type(s): Linux
    Running on: Linux 2.4.21-4.EL #1 Fri Oct 3 18:13:58 EDT 2003 i686
    Config file directory: /etc/opt/cisco-vpnclient

    VPN tunnel information.
    Client address:
    Encryption: 168-bit 3-DES
    Authentication: HMAC-SHA
    IP Compression: None
    NAT passthrough is active on port UDP 10000
    Local LAN Access is disabled

    VPN traffic summary.
    Time connected: 0 day(s), 00:27.20
    Bytes in: 260822
    Bytes out: 214704
    Packets encrypted: 2856
    Packets decrypted: 2010
    Packets bypassed: 4046
    Packets discarded: 0

    Configured routes.
    Secured Network Destination Netmask


    client ssh messages:
    ssh_exchange_identification: read: Connection reset by peer

    pix log message:
    %PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr=, src_addr=, prot= TCP
    lfnetworking, Aug 25, 2006

  2. I haven't studied 7.x. In 6.x, the only way to ssh from the
    outside through to the inside interface, is to configure a vpn
    as a "management vpn" and come in through that. The "management vpn"
    so created can -only- be used to access the PIX itself; I think it
    uses the other kind of IPSec tunnel (one that is *required* by
    the IPSec specifications not to be used to gateway packets.)
    Walter Roberson, Aug 26, 2006

  3. Brian V

    Brian V Guest

    try the command "management-access inside"
    Brian V, Aug 26, 2006
  4. lfnetworking

    lfnetworking Guest

    thanks brian!
    lfnetworking, Aug 27, 2006
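The command Brian V suggested, shown in context as an added example that is not part of the original thread. The address range 192.0.2.0/24 is a constructed stand-in for the VPN client pool, and `inside` is assumed to be the name of the internal interface.

```cisco
! Constructed values: 192.0.2.0/24 stands in for the VPN client address pool,
! and "inside" for the internal interface name (use the nameif from your config).

! Let management sessions that arrive through the VPN tunnel terminate on
! the inside interface. Only one interface can be named at a time.
management-access inside

! Permit SSH to that interface from the VPN pool only, not from any address.
ssh 192.0.2.0 255.255.255.0 inside
ssh version 2
ssh timeout 5

! Confirm what is configured.
show running-config management-access
show running-config ssh
```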