03-10-2023 10:56 PM
I have a DC ASA running dynamic VPN tunnels. In the config I can see many crypto ikev1 policy entries, like crypto ikev1 policy 10, crypto ikev1 policy 20.
All have different DH groups, hashes, etc.
When a remote/branch device authenticates to this DC ASA, which policy would it choose?
03-10-2023 11:57 PM
@manvik When the remote branch initiates the IKE negotiation, that peer sends all of its IKE policies to the remote peer (hub), and the remote peer tries to find a match. The remote peer checks all of the peer's policies against each of its configured policies in priority order (highest priority first) until it discovers a match. The lower the priority number, the higher the priority.
03-10-2023 11:12 PM
show vpn-sessiondb l2l detail
This can give you a hint about the IPsec encryption/hash used.
03-11-2023 12:25 AM
Thank you. In the command "crypto ikev1 policy 10",
is 10 the priority?
03-11-2023 12:35 AM
@manvik yes, in your example 10 is the priority of the IKE policy.
"show crypto ikev1 sa" (or "show crypto ikev2 sa" when using IKEv2) would help you determine what algorithms were used per peer to establish the IKE SA. It won't tell you which policy number was matched, but you'd be able to determine that yourself from the encryption, hashing, group, etc. in use.
03-11-2023 12:28 AM
Policy priority selects the order of the search. Until now there is no way to find which policy the peer uses except by using debug.
The issue is that in phase I all policies are sent in one message to the peer, and the peer replies accepting one, and this can be detected, as I mentioned above, via debug.
Sorry, there is no show command that helps you in this case.
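The selection rule from the accepted answer (responder walks its own policies in priority order, lowest number first, and takes the first one that matches any proposal the initiator offered) and the follow-up advice to work the matched policy number back from the algorithms shown by "show crypto ikev1 sa" can both be modelled in a few lines. The following is an added illustration written for this thread, not Cisco code and not a reimplementation of the ASA's IKE daemon: the two config snippets are constructed, the hub and branch policy numbers are hypothetical, and lifetime negotiation (which IKEv1 handles separately from the algorithm match) is deliberately left out of the comparison.

```python
"""Model of IKEv1 phase 1 policy selection on a responder (hub) ASA.

Added example, not Cisco code. It parses ASA-style "crypto ikev1 policy N"
blocks, has the initiator offer every policy it has in one proposal list,
and lets the responder pick the first of ITS policies (lowest number first)
that matches any offered proposal. A helper then maps algorithms observed in
"show crypto ikev1 sa" back to the responder policy numbers they could have
come from. Lifetime is parsed but excluded from the match on purpose.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Ikev1Policy:
    encryption: str
    hash: str
    group: int
    authentication: str
    lifetime: int = field(default=86400, compare=False)  # not part of the match


# Constructed hub (responder) config in ASA syntax; policy numbers are hypothetical.
HUB_CONFIG = """
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ikev1 policy 20
 authentication pre-share
 encryption aes
 hash sha
 group 5
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
"""

# Constructed branch (initiator) config. Its own policy 10 would match the
# hub's policy 20, but the hub's ordering, not the branch's, decides the result.
BRANCH_CONFIG = """
crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 5
 lifetime 28800
crypto ikev1 policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 28800
"""


def parse_ikev1_policies(config: str) -> Dict[int, Ikev1Policy]:
    """Parse 'crypto ikev1 policy N' blocks into {priority: Ikev1Policy}."""
    raw: Dict[int, Dict[str, str]] = {}
    current: Optional[int] = None
    for line in config.splitlines():
        line = line.strip()
        if not line or line.startswith("!"):
            continue
        header = re.match(r"crypto ikev1 policy (\d+)$", line)
        if header:
            current = int(header.group(1))
            raw[current] = {}
            continue
        if current is not None:
            key, _, value = line.partition(" ")
            raw[current][key] = value
    return {
        prio: Ikev1Policy(
            encryption=attrs["encryption"],
            hash=attrs["hash"],
            group=int(attrs["group"]),
            authentication=attrs["authentication"],
            lifetime=int(attrs.get("lifetime", 86400)),
        )
        for prio, attrs in raw.items()
    }


def initiator_proposals(policies: Dict[int, Ikev1Policy]) -> List[Ikev1Policy]:
    """The initiator offers all of its policies in one message, in its priority order."""
    return [policies[p] for p in sorted(policies)]


def responder_select(hub: Dict[int, Ikev1Policy],
                     proposals: List[Ikev1Policy]) -> Optional[Tuple[int, Ikev1Policy]]:
    """First hub policy, lowest number first, that equals any offered proposal.

    Returns (hub priority, policy), or None when nothing matches (phase 1 fails).
    """
    for prio in sorted(hub):
        if hub[prio] in proposals:
            return prio, hub[prio]
    return None


def policies_matching_sa(hub: Dict[int, Ikev1Policy], encryption: str,
                         hash_alg: str, group: int) -> List[int]:
    """Given algorithms seen in 'show crypto ikev1 sa', list hub policy numbers
    that could have produced them (more than one if policies share algorithms)."""
    return [p for p in sorted(hub)
            if hub[p].encryption == encryption and hub[p].hash == hash_alg
            and hub[p].group == group]


if __name__ == "__main__":
    hub = parse_ikev1_policies(HUB_CONFIG)
    branch = parse_ikev1_policies(BRANCH_CONFIG)
    print(responder_select(hub, initiator_proposals(branch)))
    print(policies_matching_sa(hub, "aes-256", "sha", 14))
```

Running it shows the hub accepting its own policy 10 (aes-256/sha/group 14) even though the branch listed that combination second; a branch that offers only algorithms the hub has not configured gets None, which is the phase 1 failure you would then chase with debug.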