cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
464
Views
0
Helpful
2
Replies

show crypto isakmp sa

Calin C.
Level 5
Level 5

Hello all!

I have a problem on a crypto ipsec tunnel between 2 PIX devices.

For some time I observed that absolutely randomly the connection (ping to the peer network) is not working for about 30 seconds.

I checked the load, traffic and so on, and nothing strange until now.

But at "show crypto isakmp sa" under the created field the number is incresing:

pix-central#show crypto isakmp sa

Total : 2

Embryonic : 0

dst src state pending created

xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy QM_IDLE 0 354

What is this field "created" and what are the numbers indicate?

Thank you!

Best regards,

Calin

2 Replies 2

bamnocadmin
Level 1
Level 1

Hello,

I belive created filed means the number of created IKE SAs at the peer. QM_IDLE indiactes that the tunnel PhaseI is fine. Did you try ipsec/isakmp debug?

Thanks.

Hello and thanks for your answer.

I did not tried the debug yet, because there are a lot of warning about huge resources used by debug.This PIX is remote, and under high usage, so it is a little tricky to use debug.First I will try to find some explanation about this "created" field increasing number.Since it is only one tunnel and all the traffic is put on this tunnle created IKE SAa should be a low number, and not increase by every 5, 20, 50 min (this is randomly).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: