VPN Tunnel Not Encrypting (but decrypts)

Status
Not open for further replies.

dannnno

MIS
Jun 30, 2008
1
CA
I'm having an issue creating a simple VPN tunnel between 2 devices. I know the issue lies with the local device (3825 - IOS 12.4(3h)) as the remote device is working fine with multiple tunnels already configured. The tunnel sets up OK but then a 'show crypto ipsec sa' reveals that it is decrypting packets but is not encrypting any. The remote side shows the opposite.

Oddly, if I use Tunnel Protection then the tunnel comes up and passes traffic but I want to set it up using a crypto map.

A 'debug crypto ipsec' on the remote side shows %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet when I try to ping across the tunnel from either end.

This is what I have set up as far as the local side goes. The remote side is identically mirrored:
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp key MyFakeKey address 222.222.222.222
!
crypto ipsec transform-set TS1 esp-3des esp-md5-hmac
 mode transport
!
crypto map VPN 10 ipsec-isakmp
 set peer 222.222.222.222
 set transform-set TS1
 match address 110
!
interface Tunnel10
 ip address 172.20.22.9 255.255.255.252
 ip mtu 1400
 tunnel source FastEthernet2/1
 tunnel destination 222.222.222.222
!
interface FastEthernet2/1
 description E100 TNG Side
 ip address 111.111.111.111 255.255.255.240
 crypto map VPN
!
access-list 110 permit gre host 111.111.111.111 host 222.222.222.222 log


Also, the access-list packet counter will increment if the packet is initiated from the remote side but not if I initiate the traffic from the local side.

I'm at a loss here. Thanks for any help provided.

Regards,

Dan
 
I'm still having this issue ... As an update, the tunnel works fine if I take off encryption altogether. If I add the crypto map to the local side, traffic still passes and the tunnel works fine because it's not encrypting the traffic. If I add encryption to the remote side then it breaks because the remote side is working properly.

I know it sees the crypto map statement because it has to check the crypto map to know what ACL to use and then uses it when responding to pings from the remote side but not when initiating pings from the local side. I hope this helps. Thanks again,

Dan
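
Added example, not part of the original thread: a small check that reads 'show crypto ipsec sa' text and flags the symptom described above, an SA that decapsulates packets while its encaps counter stays at zero (or the reverse, as seen on the remote side). The sample output is constructed with invented counter values, and the function names are hypothetical.

```python
import re

# Constructed sample shaped like IOS `show crypto ipsec sa` output; the
# counter values are invented to reproduce the symptom in the thread.
SAMPLE = """\
interface: FastEthernet2/1
    Crypto map tag: VPN, local addr 111.111.111.111

   local  ident (addr/mask/prot/port): (111.111.111.111/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (222.222.222.222/255.255.255.255/47/0)
   current_peer 222.222.222.222 port 500
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 25, #pkts decrypt: 25, #pkts verify: 25
"""

# Accepts both "current_peer 1.2.3.4 port 500" and "current_peer: 1.2.3.4:500".
PEER = re.compile(r"current_peer:?\s+([\d.]+)")
COUNTER = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

def parse_sa_counters(text):
    """Return {peer: {"encaps": n, "decaps": n}}, summed over that peer's SA blocks."""
    peers, current = {}, None
    for line in text.splitlines():
        m = PEER.search(line)
        if m:
            current = peers.setdefault(m.group(1), {"encaps": 0, "decaps": 0})
            continue
        if current is not None:
            for name, value in COUNTER.findall(line):
                current[name] += int(value)
    return peers

def one_way_peers(text, min_packets=1):
    """Return {peer: reason} for peers whose SA carries traffic in one direction only."""
    findings = {}
    for peer, c in parse_sa_counters(text).items():
        if c["decaps"] >= min_packets and c["encaps"] == 0:
            findings[peer] = "decrypting only: outbound traffic is not being encrypted"
        elif c["encaps"] >= min_packets and c["decaps"] == 0:
            findings[peer] = "encrypting only: nothing valid is arriving from the peer"
    return findings

if __name__ == "__main__":
    for peer, reason in one_way_peers(SAMPLE).items():
        print(peer, reason)
```

A "decrypting only" result while pings across the tunnel still succeed means the GRE traffic is leaving the interface in cleartext, which is the condition the second post describes.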
 