11-02-2007 08:02 AM - edited 03-09-2019 07:12 PM
Hi
Can anyone explain the following.
At times when I issue the following commamand
sh crypto session detail
The status shows the following.
Session status: UP-NO-IKE
However, traffic is following between the type nodes running IPSEC.
How can the session be up if we have no IKE.
11-02-2007 09:14 AM
Hi,
When you see "UP-NO-IKE" when you run "show crypto session detail", this basically means that the IKE SA exists but inactive because the key exchange has already taken place.
Please refer the below URL for some excellent details on various status of IKE SA's.
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d33e1.html
I hope it helps.
Regards,
Arul
** Please rate all helpful posts **
01-06-2018 10:19 PM
Above link doesn't works
01-22-2018 02:07 AM
The IKE phase 1 tunnel is only used to establish the IKE phase 2 tunnel, after the IKE phase 2 is up there is no need for the IKE phase 1. When the IKE phase 2 needs to be renegotiated the IKE phase 1 will be brought back up for that.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide