cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2174
Views
0
Helpful
1
Replies

When show crypto isakmp sa ?

join_sn09
Level 1
Level 1

Dear All ,

I would like to ask you on ASA 5510 when i show crypto isakmp sa i saw responder and initiator. what are different and meaning? and next time i would like to know this issue how can i go to website for show this issue.....?

1 IKE Peer: 10.10.10.1

Type : L2L Role : initiator

Rekey : no State : MM_ACTIVE

2 IKE Peer: 10.10.10.2

Type : L2L Role : initiator

Rekey : no State : MM_ACTIVE

3 IKE Peer: 10.10.10.3

Type : L2L Role : initiator

Rekey : no State : MM_ACTIVE

4 IKE Peer: 10.10.10.3

Type : L2L Role : responder

Rekey : no State : MM_ACTIVE

5 IKE Peer: 10.10.10.3

Type : L2L Role : responder

Rekey : no State : MM_ACTIVE

6 IKE Peer: 10.10.10.4

Type : L2L Role : responder

Rekey : no State : MM_ACTIVE

Note: both responder and initiator are working VPN.

Best Regards,

Join

1 Reply 1

ajagadee
Cisco Employee
Cisco Employee

Hello,

I hope the below information helps.

In IPSec LAN-to-LAN connections, the security appliance can function as initiator or responder. In IPSec remote access connections, the security appliance functions only as responder. Initiators propose SAs; responders accept, reject, or make counter-proposals-all in accordance with configured security association (SA) parameters. To establish a connection, both entities must agree on the SAs.

In IPSec terminology, a peer is a remote-access client or another secure gateway.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ike.html

Regards,

Arul

** Please rate all helpful posts **

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: