Thursday, February 4, 2021

IKEv2 FlexVPN with Cisco 9200 switch?

I have a Cisco 9200-24P switch. I'm trying to set up an IKEv2 (FlexVPN) tunnel that can encrypt traffic and dynamic routes. I seem to have that much working. The tunnel is up, and EIGRP is exchanging routes. I can reach the switch from the far-end devices (ping, SSH, TFTP, etc.). However, I have a laptop connected to the switch and it will not communicate over the tunnel. The router on the far end is logging these messages:

%IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:000 TS:00000640913545780936 %IPSEC-3-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet, dest_addr= 172.16.13.5, src_addr= xx.xx.xx.xx, prot= 47

So it seems like the switch is trying to send unencrypted packets over the tunnel. Basically I'm trying to turn this switch into a branch router. And maybe that's just not what it's designed to do. But I haven't found any official documentation stating it doesn't support routing over an encrypted tunnel. And obviously it IS working, but just not in any functional capacity.

Anybody else tried this or know whether or not it can be done?


