07-08-2020 06:35 AM - edited 07-08-2020 06:36 AM
FNKSBRPR2#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
178.X.X.62 46.X.X.52 QM_IDLE 1036 ACTIVE
178.X.X.62 46.X.X.52 MM_NO_STATE 1035 ACTIVE (deleted)
FNKSBRPR2#
FNKSBRPR2#
FNKSBRPR2#show crypto ipsec sa
interface: Tunnel37
Crypto map tag: Tunnel37-head-0, local addr 46.X.X.52
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer 178.X.X.62 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 22643, #pkts encrypt: 22643, #pkts digest: 22643
#pkts decaps: 25582, #pkts decrypt: 25582, #pkts verify: 25582
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 46.X.X.52, remote crypto endpt.: 178.X.X.62
plaintext mtu 1446, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0/0
current outbound spi: 0xA807DDFC(2819087868)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0x5D6F061C(1567557148)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2073, flow_id: ESG:73, sibling_flags FFFFFFFF80000048, crypto map: Tunnel37-head-0
sa timing: remaining key lifetime (k/sec): (4607719/3584)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xA807DDFC(2819087868)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2074, flow_id: ESG:74, sibling_flags FFFFFFFF80000048, crypto map: Tunnel37-head-0
sa timing: remaining key lifetime (k/sec): (4607758/3584)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
outbound ah sas:
outbound pcp sas:
FNKSBRPR2#
FNKSBRPR2#show crypto session
Crypto session current status
Interface: Tunnel37
Session status: UP-IDLE
Peer: 178.X.X.62 port 500
Session ID: 0
IKEv1 SA: local 46.X.X.52/500 remote 178.X.X.62/500 Active
Session ID: 0
IKEv1 SA: local 46.X.X.52/500 remote 178.X.X.62/500 Inactive
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0
Active SAs: 0, origin: crypto map
Solved! Go to Solution.
07-08-2020 01:30 PM
As per your original post - it was working long and your tunnel failed.
based on the information (there is no changes on both the ends - I believe)
The command will reset the tunnel and re-establish the tunnel (if it stuck )
you can see example :
07-08-2020 01:06 PM
clear the tunnel and check :
clear crypto sa peer x.x.x.x
07-08-2020 01:18 PM
how is this command supposed to help? i need some explaination if you dont mind :)
07-08-2020 01:20 PM
07-08-2020 01:30 PM
As per your original post - it was working long and your tunnel failed.
based on the information (there is no changes on both the ends - I believe)
The command will reset the tunnel and re-establish the tunnel (if it stuck )
you can see example :
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide