Posted by lfnetworking on August 25, 2006, 4:06 pm
Attempting to ssh to inside interface through a cisco vpnclient connection. I can successfully ssh to inside interface from a machine on the same physical/logical segment.

pix515# sh ssh
Timeout: 5 minutes
Version allowed: 2
0.0.0.0 0.0.0.0 pix-outside
0.0.0.0 0.0.0.0 pix-inside

...............

Linux vpnclient stat

Client Type(s): Linux
Running on: Linux 2.4.21-4.EL #1 Fri Oct 3 18:13:58 EDT 2003 i686
Config file directory: /etc/opt/cisco-vpnclient

VPN tunnel information.
Client address: 192.168.221.2
Encryption: 168-bit 3-DES
Authentication: HMAC-SHA
IP Compression: None
NAT passthrough is active on port UDP 10000
Local LAN Access is disabled

VPN traffic summary.
Time connected: 0 day(s), 00:27.20
Bytes in: 260822
Bytes out: 214704
Packets encrypted: 2856
Packets decrypted: 2010
Packets bypassed: 4046
Packets discarded: 0

Configured routes.
Secured Network Destination Netmask
192.168.220.0 255.255.255.0

.......................

client ssh messages:
ssh_exchange_identification: read: Connection reset by peer

pix log message:
%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 192.168.220.1, src_addr= 192.168.221.2, prot= TCP

Posted by Walter Roberson on August 26, 2006, 12:20 am
I haven't studied 7.x. In 6.x, the only way to ssh from the outside through to the inside interface, is to configure a vpn as a "management vpn" and come in through that. The "management vpn" so created can -only- be used to access the PIX itself; I think it uses the other kind of IPSec tunnel (one that is *required* by the IPSec specifications not to be used to gateway packets.)

Posted by Brian V on August 26, 2006, 10:49 am
>>515 running 7.2
>>Attempting to ssh to inside interface through a cisco vpnclient
>>connection. I can successfully ssh to inside interface from a machine on
>>the same physical/logical segment.
>
> I haven't studied 7.x. In 6.x, the only way to ssh from the
> outside through to the inside interface, is to configure a vpn
> as a "management vpn" and come in through that. The "management vpn"
> so created can -only- be used to access the PIX itself; I think it
> uses the other kind of IPSec tunnel (one that is *required* by
> the IPSec specifications not to be used to gateway packets.)

try the command "management-access inside"

Posted by lfnetworking on August 27, 2006, 1:30 am
Thanks Brian!
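
A triage sketch for the log message in this thread, added here as an example and not posted by any participant: it parses %PIX-4-402106 lines and separates the pattern reported above, a VPN client address sending to the firewall's own interface address, from the same message triggered by other sources. The function names, the /24 client pool around 192.168.221.2, the reading of 192.168.220.1 as the inside interface, and every sample line after the first are assumptions.

```python
import ipaddress
import re

# Field layout taken from the log line quoted in the thread.
MSG_402106 = re.compile(
    r"%PIX-4-402106: Rec'd packet not an IPSEC packet\. \(ip\) dest_addr=\s*"
    r"(?P<dst>[\d.]+), src_addr=\s*(?P<src>[\d.]+), prot=\s*(?P<prot>\w+)"
)

def classify(line, firewall_ips, vpn_pool):
    """Return None for unrelated lines, else a dict with a 'verdict' key."""
    m = MSG_402106.search(line)
    if not m:
        return None
    try:
        dst = ipaddress.ip_address(m["dst"])
        src = ipaddress.ip_address(m["src"])
    except ValueError:
        return {"verdict": "malformed", "raw": line.strip()}
    if src in vpn_pool and dst in firewall_ips:
        verdict = "vpn-client-to-firewall"  # the pattern reported in this thread
    elif src in vpn_pool:
        verdict = "vpn-client-other"
    else:
        verdict = "unexpected-cleartext"  # source outside the client pool
    return {"verdict": verdict, "src": str(src), "dst": str(dst), "prot": m["prot"]}

def triage(lines, firewall_ips, vpn_pool):
    """Classify every 402106 line; firewall_ips and vpn_pool are site-specific."""
    fw = {ipaddress.ip_address(a) for a in firewall_ips}
    pool = ipaddress.ip_network(vpn_pool)
    return [r for r in (classify(l, fw, pool) for l in lines) if r]

# First line is the message from the thread; the rest are constructed samples.
SAMPLE = [
    "%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 192.168.220.1, src_addr= 192.168.221.2, prot= TCP",
    "%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 192.168.220.10, src_addr= 203.0.113.9, prot= UDP",
    "%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 999.1.1.1, src_addr= 192.168.221.2, prot= TCP",
    "constructed line that carries no 402106 message",
]

if __name__ == "__main__":
    # Assumed values: inside interface 192.168.220.1, client pool 192.168.221.0/24.
    for r in triage(SAMPLE, ["192.168.220.1"], "192.168.221.0/24"):
        print(r)
```
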
%PIX-4-402106: Rec'd packet not an IPSEC packet.