Wednesday, March 16, 2016

SITE TO SITE VPN Trouble shooting:

SITE to SITE VPN Trouble shooting:

VERIFICATION: Phase 1
TEST-RTR-02#show crypto isakmp sa | include 21.24.4.7
18.2.17.1    21.24.4.7   QM_IDLE          11557 ACTIVE

TEST-RTR-02#show crypto isakmp sa detail | include 21.24.4.7
11557 18.2.17.1    21.24.4.7            ACTIVE aes  sha5 psk  16 01:38:42   

VERIFICATION Phase 2:

TEST-RTR-02#show crypto ipsec sa peer 21.24.4.7
interface: GigabitEthernet0/2
    Crypto map tag: OM-IPSEC-MAP, local addr 18.2.17.1
   protected vrf: (none)
   local  ident (addr/mask/prot/port): (18.2.17.128/255.255.255.192/0/0)
   remote ident (addr/mask/prot/port): (192.168.27.128/255.255.255.128/0/0)
   current_peer 21.24.4.7 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 34831691, #pkts encrypt: 34831691, #pkts digest: 34831691
    #pkts decaps: 34497999, #pkts decrypt: 34497999, #pkts verify: 34497999
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 2163, #recv errors 8405

     local crypto endpt.: 18.2.17.1, remote crypto endpt.: 21.24.4.7
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/2
     current outbound spi: 0x7102AC91(1896000657)
     PFS (Y/N): N, DH group: none

     inbound esp sas:
      spi: 0x9298BD94(2459483540)
        transform: esp-256-aes esp-sha512-hmac ,
        in use settings ={Tunnel, }
        conn id: 295, flow_id: SW:295, sibling_flags 80000046, crypto map: OM-IPSEC-MAP
        sa timing: remaining key lifetime (k/sec): (4449392/408)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x7102AC91(1896000657)
        transform: esp-256-aes esp-sha512-hmac ,
        in use settings ={Tunnel, }
        conn id: 296, flow_id: SW:296, sibling_flags 80000046, crypto map: OM-IPSEC-MAP
        sa timing: remaining key lifetime (k/sec): (4449789/408)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:

TEST-RTR-02#show crypto ipsec sa detail | include 21.24.4.7
   current_peer 21.24.4.7 port 500
     local crypto endpt.: 18.2.17.1, remote crypto endpt.: 21.24.4.7

TEST-RTR-02#show crypto ipsec sa | include 21.24.4.7
   current_peer 21.24.4.7 port 500
     local crypto endpt.: 18.2.17.1, remote crypto endpt.: 21.24.4.7





at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)