Security: rec'd packet not an ipsec packet !

Discussion in 'Cisco' started by mediumkuriboh, Feb 9, 2009.

  1. mediumkuriboh


    Feb 9, 2009
    Likes Received:
    I am just trying to ping the outside interface after i made a vpn connection on my PIX515E. Ping works before applying the crypto map, but after, if i enable logging, the packet dropped and this is logged by :
    pixfirewall(config)# 402106: Rec'd packet not an IPSEC packet. (ip) dest_addr=, src_addr=, prot= icmp

    Here is my config:
    PIX Version 6.3(1)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password T/t63Bt/WwztM4UV encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    hostname pixfirewall
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1433
    fixup protocol sqlnet 1521

    access-list VPN permit ip host host
    access-list VPN permit ip
    access-list laptop permit ip host host
    access-list inbound permit tcp any host eq www
    access-list acl_site permit ip

    pager lines 24
    logging on
    logging console notifications
    mtu outside 1500
    mtu inside 1500
    ip address outside
    ip address inside
    ip audit info action alarm
    ip audit attack action alarm
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list VPN
    nat (inside) 1 0 0
    access-group inbound_ping in interface outside
    route outside 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    crypto ipsec transform-set myts esp-des esp-md5-hmac
    crypto map mymap 10 ipsec-isakmp
    crypto map mymap 10 match address acl_site
    crypto map mymap 10 set transform-set myts
    crypto map mymap interface outside
    isakmp enable outside
    isakmp key ******** address netmask
    isakmp identity address
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    terminal width 80
    : end
    What is strange is that access list for crypto-map seems fine, i can't see what happening. Any help please.

    mediumkuriboh, Feb 9, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.