cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1148
Views
0
Helpful
2
Replies
Highlighted
Beginner

Crypto Phase 1

I have read a couple things about it but needed to confirm if any of it is true regarding the setup I am using. The output is below: IP addresses have been changed.

DPF-Store3722#sh cry isa sa

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id status

1.1.1.1      2.2.2.2   QM_IDLE           2027 ACTIVE

3.3.3.3     1.1.1.1    QM_IDLE           2029 ACTIVE

2.2.2.2     1.1.1.1    QM_IDLE           2028 ACTIVE

The local Address from the Remote site is 1.1.1.1 and the 2 Hub locations are 2.2.2.2 and 3.3.3.3. Can anyone tell me why I see a third Phase 1 tunnel established with the same IP addresses but the source and destination is reversed?

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Contributor

Re: Crypto Phase 1

Hi,

You can reach out to our Cisco Technical Assistance Center (TAC) for help with the issue you have reported. Please check if you have a Cisco contract such as SMARTnet or Cisco Software Application Support (SAS) Service is required to be able to be covered by TAC.

You can contact the Cisco Technical Assistance Center (TAC) in one of the following ways:

•Online: http://www.cisco.com/tac/

•E-mail: tac@cisco.com

•Phone: North America 800-553-2447 | Australia 1-800-805-227 | Europe 32-2-704-5555  | Asia-Pacific 61-2-8446-7411 | UK 0800-404-7778

Please see the following URL for other contact numbers:

http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

If you don't have a Cisco contract such as SMARTnet or Cisco Software Application Support (SAS) Service to be able to be covered by TAC, you can post your question to the Cisco Support Community website (https://supportforums.cisco.com/) and somebody will assist you with your questions.

I appreciate this opportunity to assist you and I do hope the information I sent you pointed you to the right direction.

Best regards,

"Nilz"

Nilo Noguera

.:|:.:|:. Specialist, Cisco Global Virtual Engineering - Cisco Partner Help

http://www.cisco.com/web/partners/tools/ph.html

"niLz" Nilo Noguera Jr. | Specialist, Virtual Engineering - Partner Helpline Organization together we are the human network

View solution in original post

2 REPLIES 2
Highlighted
Beginner

Re: Crypto Phase 1

Do you have the local device set to Originate Only or is it also set as a Responder? I am thinking that would be why you see the return SA.

Just a thought.

Highlighted
Contributor

Re: Crypto Phase 1

Hi,

You can reach out to our Cisco Technical Assistance Center (TAC) for help with the issue you have reported. Please check if you have a Cisco contract such as SMARTnet or Cisco Software Application Support (SAS) Service is required to be able to be covered by TAC.

You can contact the Cisco Technical Assistance Center (TAC) in one of the following ways:

•Online: http://www.cisco.com/tac/

•E-mail: tac@cisco.com

•Phone: North America 800-553-2447 | Australia 1-800-805-227 | Europe 32-2-704-5555  | Asia-Pacific 61-2-8446-7411 | UK 0800-404-7778

Please see the following URL for other contact numbers:

http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

If you don't have a Cisco contract such as SMARTnet or Cisco Software Application Support (SAS) Service to be able to be covered by TAC, you can post your question to the Cisco Support Community website (https://supportforums.cisco.com/) and somebody will assist you with your questions.

I appreciate this opportunity to assist you and I do hope the information I sent you pointed you to the right direction.

Best regards,

"Nilz"

Nilo Noguera

.:|:.:|:. Specialist, Cisco Global Virtual Engineering - Cisco Partner Help

http://www.cisco.com/web/partners/tools/ph.html

"niLz" Nilo Noguera Jr. | Specialist, Virtual Engineering - Partner Helpline Organization together we are the human network

View solution in original post