Hi Kings, thanks for the reply. Actually with the same BPR on..but we I removed the crypto map on outside interface it started ping and giving reply..?
On Sun, Oct 3, 2010 at 6:50 AM, Kingsley Charles <[email protected] > wrote: > *%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet *usually > comes when the IOS is expecting for IPSec packet but then it sees the > traffic in clear text. > > Seems your PBR is changing the normal routing and pushing it into IPSec > path. > > Just a guess. > > > > > With regards > Kings > > On Sun, Oct 3, 2010 at 3:32 AM, Pemasiri Devanarayana > <[email protected]>wrote: > >> Hi >> >> I have configured PBR to block ICMP with packet size 500 from Frame cloud >> to R4 inside interface. However on R4 is also configured as ezvpn client. I >> have the following configuration >> on R4 inside and outside interfaces >> >> interface FastEthernet0/0 >> ip address 192.1.40.4 255.255.255.0 >> duplex auto >> speed auto >> crypto ipsec client ezvpn ABC inside >> ! >> interface Serial0/0/0 >> crypto ipsec client ezvpn ABC >> service-policy type access-control input PM-AC2 >> ip policy route-map mymap >> >> After I configured PBR on R4 I tried to ping R4 inside ip (192.1.40.4) I >> could and got the following error: >> Oct 2 21:44:10.451: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an >> IPSEC packet. (ip) vrf/dest_addr= /192.1.40.4, src_addr= 192.1.24.2, >> prot= 1 >> >> However when I removed the crypto map on s0/0/0, I can ping to R4 >> (192.1.40.4). Can some one advise me what is the issue here??. >> >> thanks >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
