When show crypto isakmp sa ?

Unanswered Question
Oct 2nd, 2008

Dear All ,

I would like to ask you on ASA 5510 when i show crypto isakmp sa i saw responder and initiator. what are different and meaning? and next time i would like to know this issue how can i go to website for show this issue.....?

1 IKE Peer: 10.10.10.1

Type : L2L Role : initiator

Rekey : no State : MM_ACTIVE

2 IKE Peer: 10.10.10.2

Type : L2L Role : initiator

Rekey : no State : MM_ACTIVE

3 IKE Peer: 10.10.10.3

Type : L2L Role : initiator

Rekey : no State : MM_ACTIVE

4 IKE Peer: 10.10.10.3

Type : L2L Role : responder

Rekey : no State : MM_ACTIVE

5 IKE Peer: 10.10.10.3

Type : L2L Role : responder

Rekey : no State : MM_ACTIVE

6 IKE Peer: 10.10.10.4

Type : L2L Role : responder

Rekey : no State : MM_ACTIVE

Note: both responder and initiator are working VPN.

Best Regards,

Join

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ajagadee Thu, 10/02/2008 - 05:13

Hello,

I hope the below information helps.

In IPSec LAN-to-LAN connections, the security appliance can function as initiator or responder. In IPSec remote access connections, the security appliance functions only as responder. Initiators propose SAs; responders accept, reject, or make counter-proposals-all in accordance with configured security association (SA) parameters. To establish a connection, both entities must agree on the SAs.

In IPSec terminology, a peer is a remote-access client or another secure gateway.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ike.html

Regards,

Arul

** Please rate all helpful posts **

Actions

This Discussion