Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2723
Views
0
Helpful
5
Replies

There are no IKEv1 SAs

Amardeep Kumar
Level 1
Level 1

‎04-14-2019 02:12 PM - edited ‎04-14-2019 02:19 PM

Configured IP sec but when this Comamnd sh isakmp sa get the output

 

There are no IKEv1 SAs

 

sh run

 

access-list outside_cryptomap extended permit ip 172.16.8.0 255.255.248.0 object NETWORK_OBJ_192.168.12.0_22

nat (inside,outside) source static NETWORK_OBJ_172.16.8.0_21 NETWORK_OBJ_172.16.8.0_21 destination static NETWORK_OBJ_192.168.12.0_22 NETWORK_OBJ_192.168.12.0_22 no-proxy-arp route-lookup

 

crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 1.1.1.1
crypto map outside_map 1 set ikev1 transform-set USA

 

I I create Tunnel with ASA 1 to ASA 2 ASA 3 ASA 4 it is working but when I do with ASA 1 and ASA 5. not showing any thing. 

ASA 5 to asa 2 , asa 3 asa 4 p2p are also working. 

 

Is there any thing what is related to Switch ?

thanks

amardeep 

Labels:
0 Helpful
5 Replies 5

Dennis Mink
VIP Alumni
VIP Alumni

‎04-14-2019 04:34 PM

Can you add icmp to the acl as well so you canbring the tunnel up using ping. Alsocan you debug isakmp and ipsec and see what it does. Append to post please

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Amardeep Kumar
Level 1
Level 1
In response to Dennis Mink

‎04-15-2019 02:04 AM

Thank You

 

debug isakmp and ipsec

 

shows nothing about p2p. 

 

I have Wfilter placed behind both ASA. Is that making any difference . Btw i have removed one of wfilter from network to check but no luck. 

 

Thanks

amardeep 

0 Helpful

Dennis Mink
VIP Alumni
VIP Alumni
In response to Amardeep Kumar

‎04-15-2019 03:03 AM

What does the debug show? Are you seeing ike negotiation being responded by the far end at all?

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Amardeep Kumar
Level 1
Level 1
In response to Dennis Mink

‎04-15-2019 03:38 AM

Hi

 

I dont see any negotiations from any end.

 

no result from debug command. 

 

Thanks

amardeep 

Preview file
5 KB
0 Helpful

Amardeep Kumar
Level 1
Level 1
In response to Dennis Mink

‎04-16-2019 02:26 AM

Hello, 

I would like to give more details on my problem. 

 

I have two buildings - B1 and B2. both building Connected through ISP P2P Fiber..

WE are using HP Switch to make this connection. 

 

On B1 Switch there are a Route defined. 

 

ip route 172.16.8.0 255.255.248.0 192.168.8.69

 

Same Route also configured on Firewall too. 

 

When I removed both of the Routes Tunnel get activated but there was no traffic follow. 

 

I put the routes again and Tunnel went down. 

 

But After that I removed Routes from both but Tunnel not showing as Active. I tried everything. 

 

Please suggest.

 

Thanks

amardeep 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card