Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1354
Views
15
Helpful
16
Replies

L2L IKEV2 IPSEC TUNNEL - ESTABLISHED SAs -

Prime56
Level 1
Level 1

‎02-15-2022 01:26 PM

Hi all,

I have a SA established and am trying to ping the remote tunnel interface. I have my site set to 172.16.118.1 and the remote side set to 118.2.

After attempting to ping, I issue show crypto ipsec sa and I see this:

 

#pkts encaps: 5, #pkts encrypt: 5, #pkts digest: 5
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

What would be causing this? I've enabled NAT traversal, management-access inside, any other suggestions?

I'll be happy to provide any output needed.

Labels:
16 Replies 16

Prime56
Level 1
Level 1
In response to MHM Cisco World

‎02-15-2022 04:07 PM

Can we dial it back? My issue isn't sending the traffic over the VPN, its pinging the directly connected VTI interface. I would like that to be successful before adding routes to route the traffic.

0 Helpful

MHM Cisco World
VIP
VIP
In response to Prime56

‎02-15-2022 04:50 PM

simply tunnel shutdown and do ping again, do you see same encrypt hit and decrypt miss ?

0 Helpful
Customers Also Viewed These Support Documents