Stu hit the nail on the head with the recommendation to check that the crypto map is applied correctly. Saw that same message yesterday and it was the crypto map.
HTH Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service Provider) Certification Training with locations throughout the United States, Europe and Australia. Be sure to check out our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com. On Wed, Jan 6, 2010 at 12:19 PM, Stuart Hare <[email protected]> wrote: > Simon, > Havent had chance to go through lab 4 yet but generally this could point to > a few things: > Make sure your routing is ok in both directions. > Ensure your proxy acls are exact mirror images of each other to ensure that > the correct traffic is set to be encrypted. > Is your crypto map assigned to the correct interface? > Just a few general things to try, but these would also depend on the > technology your using. > Stu > > On Wed, Jan 6, 2010 at 12:02 PM, Simon Baumann <[email protected]> > wrote: >> >> Hi, >> I'm working on the VPN labs, struggeling with task 4.4 >> When I want to verify my configuration (pining 8.9.2.2 so f0/1 from R5), I >> get this err when I do a "gebug cry isa" >> 6 11:54:30.579: ISAKMP:(1001): sending packet to 8.9.50.2 my_port 500 >> peer_port 500 (I) AG_INIT_EXCH >> *Jan 6 11:54:30.579: ISAKMP:(1001):Sending an IKE IPv4 Packet. >> *Jan 6 11:54:31.139: ISAKMP (1001): received packet from 8.9.50.2 dport >> 500 sport 500 Global (I) AG_INIT_EXCH >> *Jan 6 11:54:31.139: %CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from >> 8.9.50.2 was not encrypted and it should've been. >> Cisco lists this "solution": >> >> Error Message >> >> %CRYPTO-6-IKMP_NOT_ENCRYPTED : IKE packet from [IP_address] was not >> encrypted and it should've been. >> >> Explanation A portion of the IKE is unencrypted, and a portion is >> encrypted. This message should have been encrypted but was not. >> >> Recommended Action Contact the remote peer. >> >> Could you geive me an hint what to check? TIA! >> >> Cheers >> >> Simon >> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> > > > > -- > Regards, > > Stuart Hare > CCIE #25616 (Security), CCSP, Microsoft MCP > Sr. Support Engineer – IPexpert, Inc. > URL: http://www.IPexpert.com > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
