05-27-2008 04:34 AM - edited 03-09-2019 08:47 PM
Hello all!
I have a problem on a crypto ipsec tunnel between 2 PIX devices.
For some time I observed that absolutely randomly the connection (ping to the peer network) is not working for about 30 seconds.
I checked the load, traffic and so on, and nothing strange until now.
But at "show crypto isakmp sa" under the created field the number is incresing:
pix-central#show crypto isakmp sa
Total : 2
Embryonic : 0
dst src state pending created
xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy QM_IDLE 0 354
What is this field "created" and what are the numbers indicate?
Thank you!
Best regards,
Calin
05-27-2008 06:52 AM
Hello,
I belive created filed means the number of created IKE SAs at the peer. QM_IDLE indiactes that the tunnel PhaseI is fine. Did you try ipsec/isakmp debug?
Thanks.
05-27-2008 11:55 PM
Hello and thanks for your answer.
I did not tried the debug yet, because there are a lot of warning about huge resources used by debug.This PIX is remote, and under high usage, so it is a little tricky to use debug.First I will try to find some explanation about this "created" field increasing number.Since it is only one tunnel and all the traffic is put on this tunnle created IKE SAa should be a low number, and not increase by every 5, 20, 50 min (this is randomly).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide