cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
14237
Views
14
Helpful
3
Replies

show crypto session

Kevin Hart
Level 1
Level 1

Hi

Can anyone explain the following.

At times when I issue the following commamand

sh crypto session detail

The status shows the following.

Session status: UP-NO-IKE

However, traffic is following between the type nodes running IPSEC.

How can the session be up if we have no IKE.

3 Replies 3

ajagadee
Cisco Employee
Cisco Employee

Hi,

When you see "UP-NO-IKE" when you run "show crypto session detail", this basically means that the IKE SA exists but inactive because the key exchange has already taken place.

Please refer the below URL for some excellent details on various status of IKE SA's.

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d33e1.html

I hope it helps.

Regards,

Arul

** Please rate all helpful posts **

Above link doesn't works

mhrznamn
Level 1
Level 1

The IKE phase 1 tunnel is only used to establish the IKE phase 2 tunnel, after the IKE phase 2 is up there is no need for the IKE phase 1. When the IKE phase 2 needs to be renegotiated the IKE phase 1 will be brought back up for that.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: