05-02-2011 11:49 AM - edited 03-11-2019 01:27 PM
FWSM/XXX#sh crypto ipsec SA PEer 152.3.134.153
interface: GigabitEthernet0/0.3211
Crypto map tag: RT-VPN, local addr 170.10.32.3
protected vrf: (none)
local ident (addr/mask/prot/port): (170.10.130.192/255.255.255.224/0/0)
remote ident (addr/mask/prot/port): (152.3.133.41/255.255.255.255/0/0)
current_peer 152.3.134.153 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 19, #pkts encrypt: 19, #pkts digest: 19
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 170.10.32.3, remote crypto endpt.: 152.3.134.153
path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0.3211
current outbound spi:
what could be the causes for packet decap to become ZERO.
When I checked the sh crypto isakmp sa , the tunnel is active.
Guys - Have u experienced this kind of issue before. There are few more tunnel in the same FWSM , which all are working fine.
Regards,
05-02-2011 01:41 PM
Try sending some traffic through this tunnel , like ping the device on the other end of the tunnel. If the tunnel is active and you get echo reply back , then both counters will increase. In your case right now , it appears that your device is sending traffic but nothing is coming back from the other end.
Manish
05-02-2011 08:59 PM
Thanx , I will update u shortly.
Regards,
05-02-2011 09:38 PM
Hi,
I just trying to re establish the session , please tell me how to do it for a specific peer (not for all the peers) ?
for phase 1 ( crypto isakmp sa) ?
for phase 2 ( crypto ipsec sa) ?
05-03-2011 01:03 AM
Hi,
To establish a tunnel you need to ping between the interesting traffic. Without traffic being passed, the session or tunnel will not come up.
Hope this helps.
Regards,
Anisha
P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide