%PIX-4-402106: Rec'd packet not an IPSEC packet.

Posted by lfnetworking on August 25, 2006, 4:06 pm
515 running 7.2
Attempting to ssh to inside interface through a cisco vpnclient
connection. I can successfully ssh to inside interface from a machine on
the same physical/logical segment.

pix515# sh ssh
Timeout: 5 minutes
Version allowed: 2
0.0.0.0 0.0.0.0 pix-outside
0.0.0.0 0.0.0.0 pix-inside

...............

Linux vpnclient stat
Client Type(s): Linux
Running on: Linux 2.4.21-4.EL #1 Fri Oct 3 18:13:58 EDT 2003 i686
Config file directory: /etc/opt/cisco-vpnclient

VPN tunnel information.
Client address: 192.168.221.2
Encryption: 168-bit 3-DES
Authentication: HMAC-SHA
IP Compression: None
NAT passthrough is active on port UDP 10000
Local LAN Access is disabled

VPN traffic summary.
Time connected: 0 day(s), 00:27.20
Bytes in: 260822
Bytes out: 214704
Packets encrypted: 2856
Packets decrypted: 2010
Packets bypassed: 4046
Packets discarded: 0

Configured routes.
Secured Network Destination Netmask
192.168.220.0 255.255.255.0

.......................

client ssh messages:
ssh_exchange_identification: read: Connection reset by peer

pix log message:
%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr=
192.168.220.1, src_addr= 192.168.221.2, prot= TCP



Posted by Walter Roberson on August 26, 2006, 12:20 am
>515 running 7.2
>Attempting to ssh to inside interface through a cisco vpnclient
>connection. I can successfully ssh to inside interface from a machine on
>the same physical/logical segment.

I haven't studied 7.x. In 6.x, the only way to ssh from the
outside through to the inside interface, is to configure a vpn
as a "management vpn" and come in through that. The "management vpn"
so created can -only- be used to access the PIX itself; I think it
uses the other kind of IPSec tunnel (one that is *required* by
the IPSec specifications not to be used to gateway packets.)

Posted by Brian V on August 26, 2006, 10:49 am
>>515 running 7.2
>>Attempting to ssh to inside interface through a cisco vpnclient
>>connection. I can successfully ssh to inside interface from a machine on
>>the same physical/logical segment.
>
> I haven't studied 7.x. In 6.x, the only way to ssh from the
> outside through to the inside interface, is to configure a vpn
> as a "management vpn" and come in through that. The "management vpn"
> so created can -only- be used to access the PIX itself; I think it
> uses the other kind of IPSec tunnel (one that is *required* by
> the IPSec specifications not to be used to gateway packets.)

try the command "management-access inside"



Posted by lfnetworking on August 27, 2006, 1:30 am
thanks brian!
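
An added example, not part of the original thread: a Python triage of 402106 messages that separates the case posted above (a VPN client addressing the firewall's own interface) from unencapsulated packets arriving from other sources. The pool 192.168.221.0/24, the interface address 192.168.220.1 and every sample line except the first are assumptions constructed for illustration.

```python
import ipaddress
import re

# Body of a 402106 message. The PIX prints a space after each "=", and
# archived logs are often wrapped, so every gap is matched with \s*.
MSG_402106 = re.compile(
    r"%PIX-4-402106: Rec'd packet not an IPSEC packet\.\s*\(\w+\)\s*"
    r"dest_addr=\s*(?P<dst>[\d.]+),\s*src_addr=\s*(?P<src>[\d.]+),"
    r"\s*prot=\s*(?P<prot>\w+)"
)

# Assumptions about this thread's network, not stated as such in the posts.
VPN_POOL = ipaddress.ip_network("192.168.221.0/24")
FIREWALL_ADDRS = {ipaddress.ip_address("192.168.220.1")}

# First entry is the wrapped message from the thread; the rest are constructed.
SAMPLE_LOG = """\
%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr=
192.168.220.1, src_addr= 192.168.221.2, prot= TCP
%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 192.168.220.15, src_addr= 192.168.221.7, prot= UDP
%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 192.168.220.1, src_addr= 203.0.113.9, prot= TCP
%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 192.168.220.1, src_addr= 192.168.221.300, prot= TCP
"""


def parse_402106(text):
    """Return (src, dst, prot) for each well-formed 402106 message in text."""
    events = []
    for m in MSG_402106.finditer(text):
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # damaged or truncated address: skip, do not guess
        events.append((src, dst, m["prot"].upper()))
    return events


def triage(event, vpn_pool=VPN_POOL, firewall_addrs=FIREWALL_ADDRS):
    """Classify one event by who sent it and whether it targets the firewall."""
    src, dst, _prot = event
    if src not in vpn_pool:
        return "source-outside-vpn-pool"       # not a known client: investigate
    if dst in firewall_addrs:
        return "client-to-firewall-interface"  # the case posted in this thread
    return "client-to-protected-host"          # check the client's tunnel policy


if __name__ == "__main__":
    for ev in parse_402106(SAMPLE_LOG):
        print(ev[0], "->", ev[1], ev[2], triage(ev))
```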
