show crypto isakmp sa

Unanswered Question
May 27th, 2008

Hello all!



I have a problem on a crypto ipsec tunnel between 2 PIX devices.

For some time I observed that absolutely randomly the connection (ping to the peer network) is not working for about 30 seconds.

I checked the load, traffic and so on, and nothing strange until now.

But at "show crypto isakmp sa" under the created field the number is increasing:


pix-central#show crypto isakmp sa
Total     : 2
Embryonic : 0
        dst               src        state     pending     created
xxx.xxx.xxx.xxx  yyy.yyy.yyy.yyy    QM_IDLE         0         354

What is this field "created" and what do the numbers indicate?


Thank you!


Best regards,

Calin

bamnocadmin Tue, 05/27/2008 - 06:52

Hello,


I believe the created field means the number of created IKE SAs at the peer. QM_IDLE indicates that the tunnel Phase I is fine. Did you try ipsec/isakmp debug?


Thanks.

Calin Chiorean Tue, 05/27/2008 - 23:55

Hello and thanks for your answer.

I did not try the debug yet, because there are a lot of warnings about huge resources used by debug. This PIX is remote, and under high usage, so it is a little tricky to use debug. First I will try to find some explanation about this "created" field increasing number. Since it is only one tunnel and all the traffic is put on this tunnel, created IKE SAs should be a low number, and not increase every 5, 20, 50 min (this is random).
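
One way to track the counter without enabling debug, as an added example that is not part of the original thread: parse saved captures of "show crypto isakmp sa" and report each poll interval in which "created" rose, so the times can be compared with the 30-second outages. It assumes the row layout shown in the first post and that captures are collected separately with a timestamp; the addresses, timestamps and later counter values below are constructed.

```python
import re
from datetime import datetime

# One SA row in the table from the post: dst src state pending created.
# The header row and the Total/Embryonic lines do not match this pattern.
ROW = re.compile(r"^\s*(\S+)\s+(\S+)\s+([A-Z_]+)\s+(\d+)\s+(\d+)\s*$")

def parse_isakmp_sa(output):
    """Return {(dst, src): {'state', 'pending', 'created'}} for one capture."""
    sas = {}
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            dst, src, state, pending, created = m.groups()
            sas[(dst, src)] = {"state": state, "pending": int(pending),
                               "created": int(created)}
    return sas

def created_increments(captures):
    """captures: list of (datetime, raw output), oldest first.
    Returns one event per poll interval in which 'created' rose for a peer."""
    events, last = [], {}
    for ts, raw in captures:
        for peer, sa in parse_isakmp_sa(raw).items():
            if peer in last and sa["created"] > last[peer][1]:
                events.append({"peer": peer, "after": last[peer][0], "by": ts,
                               "delta": sa["created"] - last[peer][1],
                               "state": sa["state"]})
            last[peer] = (ts, sa["created"])
    return events

def capture(created):
    """Constructed capture in the post's layout, with documentation addresses."""
    return ("pix-central#show crypto isakmp sa\nTotal : 2\nEmbryonic : 0\n"
            "dst src state pending created\n"
            f"192.0.2.1 198.51.100.1 QM_IDLE 0 {created}\n")

# Constructed one-minute polls; only the last interval shows an increase.
SAMPLE = [(datetime(2008, 5, 27, 10, 0), capture(354)),
          (datetime(2008, 5, 27, 10, 1), capture(354)),
          (datetime(2008, 5, 27, 10, 2), capture(355))]

if __name__ == "__main__":
    for e in created_increments(SAMPLE):
        print(f"{e['peer']}: created +{e['delta']} between "
              f"{e['after']} and {e['by']} (state {e['state']})")
```

The shorter the polling interval, the more tightly each increment can be matched against the time of a ping loss.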
