cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
737
Views
0
Helpful
1
Replies
Highlighted

Show Crypto session dumps different between 2811 and 2901 routers

I have installed a new 2901 router with the IOS version 15 code (c2900-universalk9-mz.SPA.152-3.T.bin).  I have a template config that I have created for my remote VPN routers that I have been using on 2811 routers with version 12.4 (c2800nm-advipservicesk9-mz.124-24.T1.bin).

I do have the securityk9 active on the 2901 software.

Technology Package License Information for Module:'c2900'

-----------------------------------------------------------------

Technology    Technology-package           Technology-package

              Current       Type           Next reboot 

------------------------------------------------------------------

ipbase        ipbasek9      Permanent      ipbasek9

security      securityk9    Permanent      securityk9

uc            None          None           None

data          None          None           None

Issue is when I do a "show crypto session" the GRE tunnels session status read down on the 2901 router but on the 2811 session reads up-active.

Everything is working and I am routing over the GRE Tunnels.  Can someone explain this to me.

2901 display:

Interface: Tunnel0

Session status: DOWN

Peer: xxx.xxx.xxx.xxx port 500

  IPSEC FLOW: permit 47 host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx

        Active SAs: 0, origin: crypto map

Interface: Tunnel0

Session status: DOWN

Peer: xxx.xxx.xxx.xxx port 500

  IPSEC FLOW: permit 47 host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx

        Active SAs: 0, origin: crypto map

Interface: Tunnel1

Session status: DOWN

Peer: xxx.xxx.xxx.xxx port 500

  IPSEC FLOW: permit 47 host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx

        Active SAs: 0, origin: crypto map

Interface: Tunnel1

Session status: DOWN

Peer: xxx.xxx.xxx.xxx port 500

  IPSEC FLOW: permit 47 host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx

        Active SAs: 0, origin: crypto map

Interface: GigabitEthernet0/0

Session status: UP-ACTIVE    

Peer: xxx.xxx.xxx.xxx port 500

  IKEv1 SA: local xxx.xxx.xxx.xxx/500 remote xxx.xxx.xxx.xxx/500 Active

  IPSEC FLOW: permit 47 host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx

        Active SAs: 2, origin: crypto map

Interface: GigabitEthernet0/0

Session status: UP-ACTIVE    

Peer: xxx.xxx.xxx.xxx port 500

  IKEv1 SA: local xxx.xxx.xxx.xxx/500 remote xxx.xxx.xxx.xxx/500 Active

  IPSEC FLOW: permit 47 host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx

        Active SAs: 2, origin: crypto map

display from 2811 router:

Crypto session current status

Interface: Tunnel0 Tunnel1 FastEthernet0/0

Session status: UP-ACTIVE    

Peer: xxx.xxx.xxx.xxx port 500

  IKE SA: local xxx.xxx.xxx.xxx/500 remote xxx.xxx.xxx.xxx/500 Active

  IPSEC FLOW: permit 47 host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx

        Active SAs: 2, origin: crypto map

Interface: Tunnel0 Tunnel1 FastEthernet0/0

Session status: UP-ACTIVE    

Peer: xxx.xxx.xxx.xxx port 500

  IKE SA: local xxx.xxx.xxx.xxx/500 remote xxx.xxx.xxx.xxx/500 Active

  IPSEC FLOW: permit 47 host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx

        Active SAs: 2, origin: crypto map

1 REPLY 1
Highlighted

More configuration information.  I am piering with two host routers that is why there is two GRE Tunnels and crypto session on each remote 2811 and 2901 routers.

Content for Community-Ad