Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
517
Views
1
Helpful
4
Replies

Isakmp with type 6 password

Daniel Smith
Level 1
Level 1

‎10-11-2024 03:31 AM

I need to update code on an asr1001x. This device has encrypted tunnels out to Amazon Web Services. We updated the Rommon and reloaded, then set up for the new code and reloaded again. Device came back fine but isakmp would not proceed to qm_idle state. No changes were made on the far end. A visual comparison of the password in the config of both ends indicated a match, however at the AWS side there was no indication of being a type 6. The person that got these going originally is no longer on staff so no help there. I hoping you have better understanding of this process than I. 

Labels:
0 Helpful
4 Replies 4

MHM Cisco World
VIP
VIP

‎10-11-2024 03:43 AM

Qm-idle meaning phaseI is success

Check 

Show crypto session details 

Show crypto ipsec sa 

MHM

0 Helpful

Daniel Smith
Level 1
Level 1
In response to MHM Cisco World

‎10-11-2024 04:13 AM

Unfortunately, the session after reload and code upgrade does not get to the qm_idle state, that is the issue. I cannot gather specific details on this as we had to revert the code upgrade to get the tunnels back working.

 

M02@rt37
VIP
VIP

‎10-11-2024 03:48 AM - edited ‎10-11-2024 03:49 AM

Hello @Daniel Smith 

QM_IDLE means the SA remains authenticated with its peer and may be used for subsequent quick mode exchanges for additional IPsec SAs... so it seems to be good.

Please provide us outputs asked.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful
Customers Also Viewed These Support Documents