ANNOUNCEMENT - The community will be down for maintenace this Thursday August 13 from 12:00 AM PT to 02:00 AM PT. As a precaution save your work.
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
24511
Views
5
Helpful
9
Replies
Highlighted
Beginner

what does it mean ( Role : responder and Role : initiator ) ?

Dear All,

I have some question about some error from ASA 5500?

some time i saw Role: Responder  and some time i saw Role: initiator

what does it mean ?

and what is the problem ?

HQ# sh crypto isakmp sa

   Active SA: 3
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 3

1   IKE Peer: 10.189.137.8
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
2   IKE Peer: 10.189.137.10
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
3   IKE Peer: 10.189.137.9
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
HQ#

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
Cisco Employee

Re: what does it mean ( Role : responder and Role :

Responder means that the peer initiated the VPN connection while Initiator means that the VPN tunnel is initiated from this end.

Hope that answers your question.

View solution in original post

Highlighted
Cisco Employee

Re: what does it mean ( Role : responder and Role :

MM_Active means that phase 1 is coming up OK - it's working fine.

The role of responder or initiator just means which device initiates the VPN tunnel. Whether your ASA is the one who initiates the VPN tunnel, or the remote peer initiates the VPN tunnel.

To identify whether phase 1 is working fine or not is the State: MM_ACTIVE. If the state is others, for example: MM_WAIT_MSG2, that means VPN is not working as it is waiting for Message#2.

View solution in original post

9 REPLIES 9
Highlighted
Cisco Employee

Re: what does it mean ( Role : responder and Role :

Responder means that the peer initiated the VPN connection while Initiator means that the VPN tunnel is initiated from this end.

Hope that answers your question.

View solution in original post

Highlighted
Beginner

Re: what does it mean ( Role : responder and Role :

Dear jennifer,

sorry i'm still not clear about this!!!

Role    : responder      it mean it working properly  right?

Role    : initiator          it mean it not workin properly right?

please help me more detail on this!!!!!

Thanks

Highlighted
Cisco Employee

Re: what does it mean ( Role : responder and Role :

MM_Active means that phase 1 is coming up OK - it's working fine.

The role of responder or initiator just means which device initiates the VPN tunnel. Whether your ASA is the one who initiates the VPN tunnel, or the remote peer initiates the VPN tunnel.

To identify whether phase 1 is working fine or not is the State: MM_ACTIVE. If the state is others, for example: MM_WAIT_MSG2, that means VPN is not working as it is waiting for Message#2.

View solution in original post

Highlighted
Beginner

Re: what does it mean ( Role : responder and Role :

Dear Jennifer,

Thanks for your help!!!

I will rate to you !!!

i close this question and i will create other question about VPN site to site ( HQ share internet to Branch)!!!

I Hope you can help me !!!

Bes Regards,

Highlighted
Beginner

Re: what does it mean ( Role : responder and Role :

Good Explanation ....

Highlighted
Participant

Re: what does it mean ( Role : responder and Role :

:0)

Highlighted

Re: what does it mean ( Role : responder and Role :

can you explain how to change Role from responder to initiator ?

Highlighted

Re: what does it mean ( Role : responder and Role :

can you explain how to change Role from responder to initiator ?

 
 
Highlighted
Beginner

Re: what does it mean ( Role : responder and Role :

Hi 

it's made automatically as soon as one peer of the tunnel to come up has a traffic for the remote encryption domain.