ā03-03-2012 12:18 AM - edited ā03-11-2019 03:38 PM
Hi All
I am geeting the below error but still we are able to access the machine of far end.when i excute the show crypto isakmp sa
I am geeting error
IKE Peer: 195.x.x.x
Type : L2L Role : responder
Rekey : no State : MM_REKEY_DONE_H2
IKE Peer: 196.x.x.x
Type : L2L Role : responder
Rekey : yes State : MM_ACTIVE_REKEY
Note pfs is not enabled on both the side.
When i excuted the command clear crypto isakmp sa than it is displaying as MM_active.
Can anyone explain me the reason.
ā03-04-2012 08:42 PM
Hi
Anyone faced this problem ?
ā02-04-2016 11:38 AM
Hello All, This issue is usually caused by security-association lifetime Mismatch in phase 2.
Match the Security association from both end and you will be fine.
Clearing the crypto Ipsec and Isakmp is a temporary measure though
ā06-03-2015 10:30 AM
Yes, I faced this issued..
I just bounce the phase 1 and it start work. I am not sure why this happen.
cisco# clear cry isa sa x.x.x.x
ā07-07-2015 04:51 AM
Hi all,
I faced the same issue today jaymin_thaker suggestion (cisco# clear cry isa sa x.x.x.x) worked out well.
ā08-13-2018 10:29 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide