Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
38816
Views
15
Helpful
9
Replies

what does it mean ( Role : responder and Role : initiator ) ?

Go to solution
rechard_hk
Level 1
Level 1

‎09-28-2010 09:39 PM

Dear All,

I have some question about some error from ASA 5500?

some time i saw Role: Responder  and some time i saw Role: initiator

what does it mean ?

and what is the problem ?

HQ# sh crypto isakmp sa

   Active SA: 3
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 3

1   IKE Peer: 10.189.137.8
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
2   IKE Peer: 10.189.137.10
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
3   IKE Peer: 10.189.137.9
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
HQ#

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎09-28-2010 09:45 PM

Responder means that the peer initiated the VPN connection while Initiator means that the VPN tunnel is initiated from this end.

Hope that answers your question.

View solution in original post

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to rechard_hk

‎09-28-2010 10:07 PM

MM_Active means that phase 1 is coming up OK - it's working fine.

The role of responder or initiator just means which device initiates the VPN tunnel. Whether your ASA is the one who initiates the VPN tunnel, or the remote peer initiates the VPN tunnel.

To identify whether phase 1 is working fine or not is the State: MM_ACTIVE. If the state is others, for example: MM_WAIT_MSG2, that means VPN is not working as it is waiting for Message#2.

View solution in original post

9 Replies 9

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎09-28-2010 09:45 PM

Responder means that the peer initiated the VPN connection while Initiator means that the VPN tunnel is initiated from this end.

Hope that answers your question.

0 Helpful

Go to solution
rechard_hk
Level 1
Level 1
In response to Jennifer Halim

‎09-28-2010 09:49 PM

Dear jennifer,

sorry i'm still not clear about this!!!

Role    : responder      it mean it working properly  right?

Role    : initiator          it mean it not workin properly right?

please help me more detail on this!!!!!

Thanks

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to rechard_hk

‎09-28-2010 10:07 PM

MM_Active means that phase 1 is coming up OK - it's working fine.

The role of responder or initiator just means which device initiates the VPN tunnel. Whether your ASA is the one who initiates the VPN tunnel, or the remote peer initiates the VPN tunnel.

To identify whether phase 1 is working fine or not is the State: MM_ACTIVE. If the state is others, for example: MM_WAIT_MSG2, that means VPN is not working as it is waiting for Message#2.

Go to solution
rechard_hk
Level 1
Level 1
In response to Jennifer Halim

‎09-29-2010 12:05 AM

Dear Jennifer,

Thanks for your help!!!

I will rate to you !!!

i close this question and i will create other question about VPN site to site ( HQ share internet to Branch)!!!

I Hope you can help me !!!

Bes Regards,

0 Helpful

Go to solution
itskannant123
Level 1
Level 1
In response to Jennifer Halim

‎02-06-2018 10:37 PM

Good Explanation ....

0 Helpful

Go to solution
engsoliman.elgazar1
Level 1
Level 1
In response to andy!doesnt!like!uucp

‎08-22-2019 03:54 AM

can you explain how to change Role from responder to initiator ?

0 Helpful

Go to solution
engsoliman.elgazar1
Level 1
Level 1
In response to Jennifer Halim

‎08-22-2019 03:55 AM

can you explain how to change Role from responder to initiator ?

 
 
0 Helpful

Go to solution
noc-germany1
Level 1
Level 1
In response to engsoliman.elgazar1

‎08-22-2019 09:58 AM

Hi 

it's made automatically as soon as one peer of the tunnel to come up has a traffic for the remote encryption domain.

0 Helpful
Customers Also Viewed These Support Documents