Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
271
Views
0
Helpful
1
Replies

ASA Phase 1 question

wilson_1234_2
Level 3
Level 3

‎10-01-2009 05:38 AM

My understanding is that when configuring phase 1 parameters on the ASA, that depending on how the peers are configured, the ASA will go down the list of isakmp policies until a match is found.

Also, that phase 1 and phase 2 do not have to match in their policy partameters.

Hopefully this is not too obvious, because I am missing it:

Where can I see which isakmp policy a particular l2l tunnel is using?

"sh cry isa sa" only shows the status.

If I have a list of ten policies, and I only have access to my end (outside party l2l), how can I determine which phase 1 policy a particular tunnel is using?

Labels:
0 Helpful
1 Reply 1

wilson_1234_2
Level 3
Level 3

‎10-01-2009 10:39 AM

Found it:

sh vpn-sessiondb detail l2l

0 Helpful
Customers Also Viewed These Support Documents