SITE to SITE VPN
Trouble shooting:
VERIFICATION: Phase 1
TEST-RTR-02#show
crypto isakmp sa | include 21.24.4.7
18.2.17.1 21.24.4.7 QM_IDLE 11557 ACTIVE
TEST-RTR-02#show
crypto isakmp sa detail | include 21.24.4.7
11557 18.2.17.1 21.24.4.7 ACTIVE aes sha5 psk
16 01:38:42
VERIFICATION Phase 2:
TEST-RTR-02#show
crypto ipsec sa peer 21.24.4.7
interface: GigabitEthernet0/2
Crypto map tag:
OM-IPSEC-MAP, local addr 18.2.17.1
protected vrf:
(none)
local ident (addr/mask/prot/port): (18.2.17.128/255.255.255.192/0/0)
remote ident
(addr/mask/prot/port): (192.168.27.128/255.255.255.128/0/0)
current_peer 21.24.4.7
port 500
PERMIT,
flags={origin_is_acl,}
#pkts encaps:
34831691, #pkts encrypt: 34831691, #pkts digest: 34831691
#pkts decaps:
34497999, #pkts decrypt: 34497999, #pkts verify: 34497999
#pkts compressed:
0, #pkts decompressed: 0
#pkts not
compressed: 0, #pkts compr. failed: 0
#pkts not
decompressed: 0, #pkts decompress failed: 0
#send errors 2163,
#recv errors 8405
local crypto
endpt.: 18.2.17.1, remote crypto endpt.: 21.24.4.7
path mtu 1500, ip
mtu 1500, ip mtu idb GigabitEthernet0/2
current outbound
spi: 0x7102AC91(1896000657)
PFS (Y/N): N, DH
group: none
inbound esp sas:
spi:
0x9298BD94(2459483540)
transform:
esp-256-aes esp-sha512-hmac ,
in use
settings ={Tunnel, }
conn id: 295,
flow_id: SW:295, sibling_flags 80000046, crypto map: OM-IPSEC-MAP
sa timing:
remaining key lifetime (k/sec): (4449392/408)
IV size: 16
bytes
replay
detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi:
0x7102AC91(1896000657)
transform:
esp-256-aes esp-sha512-hmac ,
in use
settings ={Tunnel, }
conn id: 296,
flow_id: SW:296, sibling_flags 80000046, crypto map: OM-IPSEC-MAP
sa timing:
remaining key lifetime (k/sec): (4449789/408)
IV size: 16
bytes
replay
detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
TEST-RTR-02#show
crypto ipsec sa detail | include 21.24.4.7
current_peer 21.24.4.7
port 500
local crypto
endpt.: 18.2.17.1, remote crypto endpt.: 21.24.4.7
TEST-RTR-02#show
crypto ipsec sa | include 21.24.4.7
current_peer 21.24.4.7
port 500
local crypto
endpt.: 18.2.17.1, remote crypto endpt.: 21.24.4.7
No comments:
Post a Comment