Simon, Havent had chance to go through lab 4 yet but generally this could point to a few things: Make sure your routing is ok in both directions. Ensure your proxy acls are exact mirror images of each other to ensure that the correct traffic is set to be encrypted. Is your crypto map assigned to the correct interface?
Just a few general things to try, but these would also depend on the technology your using. Stu On Wed, Jan 6, 2010 at 12:02 PM, Simon Baumann <[email protected]>wrote: > > Hi, > I'm working on the VPN labs, struggeling with task 4.4 > > When I want to verify my configuration (pining 8.9.2.2 so f0/1 from R5), I > get this err when I do a "gebug cry isa" > > 6 11:54:30.579: ISAKMP:(1001): sending packet to 8.9.50.2 my_port 500 > peer_port 500 (I) AG_INIT_EXCH > *Jan 6 11:54:30.579: ISAKMP:(1001):Sending an IKE IPv4 Packet. > *Jan 6 11:54:31.139: ISAKMP (1001): received packet from 8.9.50.2 dport > 500 sport 500 Global (I) AG_INIT_EXCH > *Jan 6 11:54:31.139: %CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from > 8.9.50.2 was not encrypted and it should've been. > > Cisco lists this "solution": > > Error Message > > %CRYPTO-6-IKMP_NOT_ENCRYPTED : IKE packet from [IP_address] was not > encrypted and it should've been. > > Explanation A portion of the IKE is unencrypted, and a portion is > encrypted. This message should have been encrypted but was not. > > Recommended Action Contact the remote peer. > > > Could you geive me an hint what to check? TIA! > > > Cheers > > Simon > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > -- Regards, Stuart Hare CCIE #25616 (Security), CCSP, Microsoft MCP Sr. Support Engineer – IPexpert, Inc. URL: http://www.IPexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
