05-02-2011 11:49 AM - edited 03-11-2019 01:27 PM
FWSM/XXX#sh crypto ipsec SA PEer 152.3.134.153
interface: GigabitEthernet0/0.3211
Crypto map tag: RT-VPN, local addr 170.10.32.3
protected vrf: (none)
local ident (addr/mask/prot/port): (170.10.130.192/255.255.255.224/0/0)
remote ident (addr/mask/prot/port): (152.3.133.41/255.255.255.255/0/0)
current_peer 152.3.134.153 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 19, #pkts encrypt: 19, #pkts digest: 19
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 170.10.32.3, remote crypto endpt.: 152.3.134.153
path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0.3211
current outbound spi:
what could be the causes for packet decap to become ZERO.
When I checked the sh crypto isakmp sa , the tunnel is active.
Guys - Have u experienced this kind of issue before. There are few more tunnel in the same FWSM , which all are working fine.
Regards,
05-02-2011 01:41 PM
Try sending some traffic through this tunnel , like ping the device on the other end of the tunnel. If the tunnel is active and you get echo reply back , then both counters will increase. In your case right now , it appears that your device is sending traffic but nothing is coming back from the other end.
Manish
05-02-2011 08:59 PM
Thanx , I will update u shortly.
Regards,
05-02-2011 09:38 PM
Hi,
I just trying to re establish the session , please tell me how to do it for a specific peer (not for all the peers) ?
for phase 1 ( crypto isakmp sa) ?
for phase 2 ( crypto ipsec sa) ?
05-03-2011 01:03 AM
Hi,
To establish a tunnel you need to ping between the interesting traffic. Without traffic being passed, the session or tunnel will not come up.
Hope this helps.
Regards,
Anisha
P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: