Announcement

**speedforder219** · 27-08-2015, 06:35 PM

Log đổ về

Tram1#ping 192.168.21.1 source 192.168.1.51
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.21.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.51

*Aug 27 10:33:02.147: ISAKMP:(0): SA request profile is (NULL)
*Aug 27 10:33:02.147: ISAKMP: Created a peer struct for 113.161.38.137, peer port 500
*Aug 27 10:33:02.147: ISAKMP: New peer created peer = 0x84E13250 peer_handle = 0x80000005
*Aug 27 10:33:02.147: ISAKMP: Locking peer struct 0x84E13250, refcount 1 for isakmp_initiator
*Aug 27 10:33:02.147: ISAKMP: local port 500, remote port 500
*Aug 27 10:33:02.147: ISAKMP: set new node 0 to QM_IDLE
*Aug 27 10:33:02.147: ISAKMP:(0):insert sa successfully sa = 874CE540
*Aug 27 10:33:02.147: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
*Aug 27 10:33:02.147: ISAKMP:(0):found peer pre-shared key matching 113.161.38.137
*Aug 27 10:33:02.147: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
*Aug 27 10:33:02.147: ISAKMP:(0): constructed NAT-T vendor-07 ID
*Aug 27 10:33:02.147: ISAKMP:(0): constructed NAT-T vendor-03 ID
*Aug 27 10:33:02.147: ISAKMP:(0): constructed NAT-T vendor-02 ID
*Aug 27 10:33:02.147: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Aug 27 10:33:02.147: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1

*Aug 27 10:33:02.147: ISAKMP:(0): beginning Main Mode exchange
*Aug 27 10:33:02.147: ISAKMP:(0): sending packet to 113.161.38.137 my_port 500 peer_port 500 (I) MM_NO_STATE
*Aug 27 10:33:02.147: ISAKMP:(0):Sending an IKE IPv4 Packet......
Success rate is 0 percent (0/5)
Tram1#
*Aug 27 10:33:12.147: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Aug 27 10:33:12.147: ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
*Aug 27 10:33:12.147: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Aug 27 10:33:12.147: ISAKMP:(0): sending packet to 113.161.38.137 my_port 500 peer_port 500 (I) MM_NO_STATE
*Aug 27 10:33:12.147: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Aug 27 10:33:12.547: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /224.0.0.252, src_addr= 192.168.1.38, prot= 17
*Aug 27 10:33:22.147: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Aug 27 10:33:22.147: ISAKMP (0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
*Aug 27 10:33:22.147: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Aug 27 10:33:22.147: ISAKMP:(0): sending packet to 113.161.38.137 my_port 500 peer_port 500 (I) MM_NO_STATE
*Aug 27 10:33:22.147: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Aug 27 10:33:32.147: ISAKMP: set new node 0 to QM_IDLE
*Aug 27 10:33:32.147: ISAKMP:(0):SA is still budding. Attached new ipsec request to it. (local 192.168.1.51, remote 113.161.38.137)
*Aug 27 10:33:32.147: ISAKMP: Error while processing SA request: Failed to initialize SA
*Aug 27 10:33:32.147: ISAKMP: Error while processing KMI message 0, error 2.
*Aug 27 10:33:32.147: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Aug 27 10:33:32.147: ISAKMP (0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
*Aug 27 10:33:32.147: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Aug 27 10:33:32.147: ISAKMP:(0): sending packet to 113.161.38.137 my_port 500 peer_port 500 (I) MM_NO_STATE
*Aug 27 10:33:32.147: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Aug 27 10:33:42.147: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Aug 27 10:33:42.147: ISAKMP (0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
*Aug 27 10:33:42.147: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Aug 27 10:33:42.147: ISAKMP:(0): sending packet to 113.161.38.137 my_port 500 peer_port 500 (I) MM_NO_STATE
*Aug 27 10:33:42.147: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Aug 27 10:33:52.147: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Aug 27 10:33:52.147: ISAKMP (0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
*Aug 27 10:33:52.147: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Aug 27 10:33:52.147: ISAKMP:(0): sending packet to 113.161.38.137 my_port 500 peer_port 500 (I) MM_NO_STATE
*Aug 27 10:33:52.147: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Aug 27 10:34:02.147: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Aug 27 10:34:02.147: ISAKMP:(0):peer does not do paranoid keepalives.

*Aug 27 10:34:02.147: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 113.161.38.137)
*Aug 27 10:34:02.147: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 113.161.38.137)
*Aug 27 10:34:02.147: ISAKMP: Unlocking peer struct 0x84E13250 for isadb_mark_sa_deleted(), count 0
*Aug 27 10:34:02.147: ISAKMP: Deleting peer node by peer_reap for 113.161.38.137: 84E13250
*Aug 27 10:34:02.147: ISAKMP:(0):deleting node 1797047820 error FALSE reason "IKE deleted"
*Aug 27 10:34:02.147: ISAKMP:(0):deleting node 1219673663 error FALSE reason "IKE deleted"
*Aug 27 10:34:02.147: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Aug 27 10:34:02.147: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_DEST_SA

*Aug 27 10:34:27.095: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /224.0.0.252, src_addr= 192.168.1.38, prot= 17
*Aug 27 10:34:52.147: ISAKMP:(0):purging node 1797047820
*Aug 27 10:34:52.147: ISAKMP:(0):purging node 1219673663

**dangquangminh** · 27-08-2015, 07:32 PM

lỗi này là do crypto access list ở hai đầu chưa "match" hoặc là cấu hình routing chưa chính xác.

User receives the error message "%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.(ip) dest_addr= [IP_address], src_addr= [IP_address], prot= [dec]."

https://supportforums.cisco.com/document/15966/user-receives-error-message-crypto-4-recvdpktnotipsec-recd-packet-not-ipsec-packetip

Core issue A packet is received that matches the encryption (crypto) map access control list (ACL), but is not IPsec-encapsulated. The IPsec peer sends unencapsulated packets. This condition can be caused by a policy setup error on the peer, or it might be considered a hostile event. This error mess...

**speedforder219** · 27-08-2015, 10:13 PM

theo như cấu hình của em ở trên thì em thấy đúng mà ta.
lúc ping tới thì nó báo phase không thiết lập đc bị lỗi =.=

Announcement

Lỗi VPN Site-To-Site

Lỗi VPN Site-To-Site

Comment

Comment

Comment