show crypto isakmp sa

Unanswered Question
May 27th, 2008

Hello all!

I have a problem on a crypto ipsec tunnel between 2 PIX devices.

For some time I observed that absolutely randomly the connection (ping to the peer network) is not working for about 30 seconds.

I checked the load, traffic and so on, and nothing strange until now.

But at "show crypto isakmp sa" under the created field the number is increasing:

pix-central#show crypto isakmp sa
Total     : 2
Embryonic : 0
        dst               src        state     pending     created
 xxx.xxx.xxx.xxx   yyy.yyy.yyy.yyy   QM_IDLE         0         354

What is this field "created" and what do the numbers indicate?

Thank you!

Best regards,

Calin

bamnocadmin Tue, 05/27/2008 - 06:52

Hello,

I believe the created field means the number of created IKE SAs at the peer. QM_IDLE indicates that the tunnel Phase I is fine. Did you try ipsec/isakmp debug?

Thanks.

Calin Chiorean Tue, 05/27/2008 - 23:55

Hello and thanks for your answer.

I did not try the debug yet, because there are a lot of warnings about huge resources used by debug. This PIX is remote, and under high usage, so it is a little tricky to use debug. First I will try to find some explanation about this "created" field's increasing number. Since it is only one tunnel and all the traffic is put on this tunnel, created IKE SAs should be a low number, and not increase every 5, 20, 50 min (this is random).
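
A way to track the "created" counter without enabling debug, as an added example that is not part of the thread: parse periodically saved "show crypto isakmp sa" captures and report the time window in which the value changed for a peer, so it can be compared against the outage times. The column layout is assumed to match the output posted above; the addresses, timestamps and captures are constructed.

```python
import re
from datetime import datetime

# SA row layout as shown in the thread: dst src state pending created
ROW = re.compile(r"^\s*(\S+)\s+(\S+)\s+([A-Z][A-Z_]+)\s+(\d+)\s+(\d+)\s*$")

def parse_isakmp_sa(text):
    """Map (dst, src) -> (state, pending, created) for one captured output."""
    sas = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # prompt, header and Total/Embryonic lines do not match
            dst, src, state, pending, created = m.groups()
            sas[(dst, src)] = (state, int(pending), int(created))
    return sas

def created_changes(snapshots):
    """snapshots: [(ISO timestamp, raw output)] in time order.
    Returns one event per peer each time its 'created' value changes."""
    events, last = [], {}
    for stamp, text in snapshots:
        ts = datetime.fromisoformat(stamp)
        for peer, (state, _pending, created) in parse_isakmp_sa(text).items():
            if peer in last and created != last[peer][1]:
                prev_ts, prev_created = last[peer]
                events.append({
                    "peer": peer,
                    "window_start": prev_ts,   # last capture with the old value
                    "window_end": ts,          # first capture with the new value
                    "delta": created - prev_created,
                    "counter_reset": created < prev_created,  # value went down
                    "state": state,
                })
            last[peer] = (ts, created)
    return events

# Constructed sample captures (documentation addresses, invented times).
HEADER = "Total : 1\nEmbryonic : 0\n dst src state pending created\n"
SNAPSHOTS = [
    ("2008-05-27T10:00:00", HEADER + " 192.0.2.1 198.51.100.1 QM_IDLE 0 354\n"),
    ("2008-05-27T10:05:00", HEADER + " 192.0.2.1 198.51.100.1 QM_IDLE 0 354\n"),
    ("2008-05-27T10:10:00", HEADER + " 192.0.2.1 198.51.100.1 QM_IDLE 0 355\n"),
]

if __name__ == "__main__":
    for e in created_changes(SNAPSHOTS):
        print(e["peer"], e["window_start"], "->", e["window_end"], "delta", e["delta"])
```
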
