08-11-2008 12:14 AM - edited 03-06-2019 12:42 AM
What would be the problem the crypto session shows down.
But I can ping peer to peer.
AIRTEL-DELHI#sh crypto se
Crypto session current status
Interface: Serial0
Session status: DOWN
Peer: 172.26.8.10 port 500
IPSEC FLOW: permit ip 10.97.37.0/255.255.255.0 172.26.8.0/255.255.255.0
Active SAs: 0, origin: crypto map
08-11-2008 03:21 AM
Please provide running-config
08-11-2008 03:24 AM
manjunatha
When you ping is the source address in 10.97.37.0 (the source addresses apparently selected in the access list that is part of the crypto map)?
Other than possible issues is the addressing there are several other things that might keep the session from coming active. These might include:
- possible mismatch of preshared keys.
- possible mismatch of ISAKMP parameters.
- possible mismatch of IPSec parameters.
- possible filtering of the ISAKMP or IPSec packets.
It might help us to find your problem if you would post the config.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide