cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
466
Views
0
Helpful
1
Replies

Interpreting debug crypto isakmp

ronshuster
Level 1
Level 1

Is anyone aware of a link where one can reference what configuration line is missing from the firweall when running a "debug crypto isakmp 250"

Yesterday I lost all my tunnels, ran this debug and got the following:

Oct 18 17:09:02 [IKEv1]: IKE initiator: Local unit is failover enabled but is not currently active.

Oct 18 17:09:02 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 18 17:09:02 [IKEv1]: IKE initiator: Local unit is failover enabled but is not currently active.

Oct 18 17:09:02 [IKEv1]: IKE receiver: Local unit is failover enabled but is not currently active.

Oct 18 17:09:02 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 18 17:09:02 [IKEv1]: IKE initiator: Local unit is failover enabled but is not currently active.

Oct 18 17:09:03 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

I am looking to explain the above debug results as well as a link that will associate a debug output with what's missing in a config.

any idea?

1 Reply 1

ajagadee
Cisco Employee
Cisco Employee

Hello Roni,

Looks like you are running into Bug ID CSCsk44832.

Please use the below URL to look up the bug id and the version that has the fix.

http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs

Also, link to the release notes for 7.2 code.

http://www.cisco.com/en/US/docs/security/asa/asa72/release/notes/asarn724.html

Regards,

Arul

** Please rate all helpful posts **

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: