12-17-2012 10:25 AM
hi everyone,
If IPSEC VPN is running between two sites how can we tell which site was IKE initiator and responder?
If both sites are big sites.
Thanks
Mahesh
Solved! Go to Solution.
12-17-2012 10:38 AM
If it is initiator you will get a output similiar to below. L2L Role will be initiator
Router#show crypto isakmp sa
1 IKE Peer: XX.XX.XX.XX
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
With Regards,
Safwan
Don't forget to rate helpful posts
12-17-2012 10:52 AM
Hello Mahesh,
First answer was how to check who is initiator on ASA.
In case of router
You can do "sh cry isa sa"
R2#sh cry isa sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
10.10.10.2 10.10.10.1 QM_IDLE 7018 ACTIVE
10.10.10.1 10.10.10.2 MM_NO_STATE 7017 ACTIVE (deleted)
Owner of ip address in the column src is initiator
Best Regards,
Eugene
12-17-2012 10:38 AM
If it is initiator you will get a output similiar to below. L2L Role will be initiator
Router#show crypto isakmp sa
1 IKE Peer: XX.XX.XX.XX
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
With Regards,
Safwan
Don't forget to rate helpful posts
12-17-2012 10:47 AM
Hi,
when i run above command i only see
sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
No type.
Thanks
Mahesh
12-17-2012 10:52 AM
Hello Mahesh,
First answer was how to check who is initiator on ASA.
In case of router
You can do "sh cry isa sa"
R2#sh cry isa sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
10.10.10.2 10.10.10.1 QM_IDLE 7018 ACTIVE
10.10.10.1 10.10.10.2 MM_NO_STATE 7017 ACTIVE (deleted)
Owner of ip address in the column src is initiator
Best Regards,
Eugene
12-17-2012 10:57 AM
Hi Eugene,
Many thanks Once again.
Regards
MAhesh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide