
IPSec Tunnel Issue

jhaddix385
Level 1

I have set up an IPSec tunnel between two peers. Below is the result of ip cry sa:

interface: outside
    Crypto map tag: outside_map, local addr. 192.200.222.16

   local  ident (addr/mask/prot/port): (FW_SEGMENT/255.255.240.0/0/0)
   remote ident (addr/mask/prot/port): (EDS_FW_SEGMENT/255.255.255.0/0/0)
   current_peer: EDSFW:500
   dynamic allocated peer ip: 0.0.0.0

     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 446, #pkts encrypt: 446, #pkts digest 446
    #pkts decaps: 377, #pkts decrypt: 377, #pkts verify 377
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
    #send errors 34531, #recv errors 0

     local crypto endpt.: 192.200.222.16, remote crypto endpt.: EDSFW
     path mtu 1500, ipsec overhead 56, media mtu 1500
     current outbound spi: 0

     inbound esp sas:


     inbound ah sas:


     inbound pcp sas:


     outbound esp sas:


     outbound ah sas:


     outbound pcp sas:

On the other peer there is something below in inbound esp sas and outbound, but obviously on this peer there is not. I am unable to ping from one peer to the other, and the packet count has not increased once I run the command again. Any ideas?


Marcin Latosiewicz
Cisco Employee

Phase 2 IPsec is not up.

The counters for encaps decaps are historic.

There are a lot of possibilities why this can happen. Debug cry isa and debug crypto ipsec will tell you more.
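
Added example, not part of the original thread and not Cisco code: a Python check that parses the `ipsec sa` output format shown in the question and flags an entry with no Phase 2 SA installed (outbound SPI of 0 and nothing listed under any SA section). The function names, the trimmed sample, and the assumption that installed SAs appear as lines starting with `spi:` are this example's own.

```python
import re

# Constructed sample, trimmed from the output format shown in the question.
SAMPLE = """\
interface: outside
    Crypto map tag: outside_map, local addr. 192.200.222.16

   local  ident (addr/mask/prot/port): (FW_SEGMENT/255.255.240.0/0/0)
   remote ident (addr/mask/prot/port): (EDS_FW_SEGMENT/255.255.255.0/0/0)
   current_peer: EDSFW:500
    #pkts encaps: 446, #pkts encrypt: 446, #pkts digest 446
    #pkts decaps: 377, #pkts decrypt: 377, #pkts verify 377
    #send errors 34531, #recv errors 0
     current outbound spi: 0

     inbound esp sas:

     outbound esp sas:
"""

SECTION = re.compile(r"^\s*(inbound|outbound) (esp|ah|pcp) sas:\s*$")

def parse_sa_entries(text):
    """Return one dict per 'local ident' entry found in the output."""
    entries, cur, section = [], None, None
    for line in text.splitlines():
        if m := re.match(r"\s*local\s+ident .*:\s*\((.+)\)", line):
            cur = {"local": m.group(1), "peer": None, "spi": None,
                   "send_errors": 0, "sas": {}}
            entries.append(cur)
            section = None
        elif cur is None:
            continue
        elif m := re.match(r"\s*current_peer:\s*(\S+)", line):
            cur["peer"] = m.group(1)
        elif m := re.search(r"#send errors (\d+)", line):
            cur["send_errors"] = int(m.group(1))
        elif m := re.search(r"current outbound spi:\s*(?:0x)?([0-9a-fA-F]+)", line):
            cur["spi"] = int(m.group(1), 16)
        elif m := SECTION.match(line):
            section = f"{m.group(1)} {m.group(2)}"
            cur["sas"][section] = 0
        elif section and re.match(r"\s*spi:", line):  # assumed SA line format
            cur["sas"][section] += 1
    return entries

def phase2_down(entry):
    """True when no IPsec SA is installed: SPI 0 and every SA section empty."""
    return entry["spi"] == 0 and not any(entry["sas"].values())
```

The encaps/decaps counters are deliberately ignored by `phase2_down`, since the reply notes they are historic and say nothing about whether an SA exists now.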