Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
987
Views
10
Helpful
3
Replies

Why the same src and dst addresses on ISAKMP SA

krystianstrycharz
Level 1
Level 1

‎04-13-2017 01:00 AM

Could somebody explain me why on both sides of VPN tunnel are the same source and destination addresses? It shouldn't be change in this and on R4 should be dst=212.26.100.2 src=197.4.55.2? ISAKMP creates 2 one-way connections, not one, and here is one conn-id 1026. Unless this refer to IPSec tunnel and not only to ISAKMP. I am confused.  Below are listings.

R1#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst              src                     state         conn-id      status
197.4.55.2   212.26.100.2    QM_IDLE  1026         ACTIVE

R4# sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst               src                    state         conn-id     status
197.4.55.2    212.26.100.2   QM_IDLE  1026        ACTIVE

TFH

Labels:
0 Helpful
3 Replies 3

ajay chauhan
Level 7
Level 7

‎04-13-2017 01:12 AM

That is perfectly fine .This is because the source is always going to be the IP that initiated the tunnel (brought the tunnel up).

Hope this helps.

Ajay

krystianstrycharz
Level 1
Level 1
In response to ajay chauhan

‎04-13-2017 02:06 AM

Thanks Ajay!

I have one extra question, why state is QuickMode and not MainMode? QM is mode of phase2...

0 Helpful

ajay chauhan
Level 7
Level 7
In response to krystianstrycharz

‎04-13-2017 02:11 AM

In IOS you can see only in debug which mode is being used else final stage will be quick mode.

Ajay

Customers Also Viewed These Support Documents