VPN Error – ‘CRYPTO-4-RECVD_PKT_NOT_IPSEC’
KB ID 0000936 Problem While setting up a simple site to site to site VPN, I was unable to get ISAKMP phase 1 to establish. When I had a look on the device at the far end. I saw this error logged in the console, every time I tried to bring up the tunnel. *Mar 1 00:21:42.811: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec’d packet not an IPSEC packet. (ip) vrf/dest_addr= /192.168.2.3, src_addr= 192.168.1.2, prot= 1 Solution After about 40...
Cisco IOS – Enrolling for Certificates with NDES
KB ID 0000948 Problem To get your Cisco Router or Switch to enroll, and obtain a certificate from a Windows Server running NDES, this is the procedure you need to follow. Solution When dealing with certificates, it’s important that your device is maintaining the correct time. You can set this manually, but I’d recommend setting up NTP. Setting IOS Time (Manually and via NTP) 1. Choose either of the options below, (as...
Cisco ASA 5500 – Reset / Recycle VPN Tunnels
KB ID 0000586 Problem I’ve been asked this before and it came up on EE today, basically you have a site to site VPN tunnel and you either want to restart it or reset it. Solution Cisco ASA Reset ALL VPN Tunnels 1. Connect to your ASA, then to reset ALL your ISAKMP VPN tunnels use the following command; clear crypto isakmp sa In the example below I’ve reset ALL my tunnels. I had a constant ping running across the VPN, and...
Cisco ASA – Enrolling for Certificates with NDES
KB ID 0000948 Problem To get your ASA 5500 firewall to enroll, and obtain a certificate from a Windows Server running NDES, this is the procedure you need to follow. Solution When dealing with certificates, it’s important that your firewall is maintaining the correct time. You can set this manually, but I’d recommend setting up NTP. Cisco ASA – Configuring for NTP 1. Make sure the firewall can contact the NDES...