TED show crypto isakmp sa strange output

Oct 27th, 2009

I configured a site-to-site VPN using TED between the branches & HQ. When I access the branch router & run show crypto isakmp sa, I find the following strange output:


    Branch#sh cry is sa
    dst             src             state          conn-id slot status
    10.20.112.1     10.26.50.254    QM_IDLE              2    0 ACTIVE
    10.20.100.220   10.26.10.200    PEER_DISCOVERY       0    0 ACTIVE
    10.20.100.220   10.26.10.200    PEER_DISCOVERY       0    0 ACTIVE
    10.20.100.220   10.26.10.200    PEER_DISCOVERY       0    0 ACTIVE
    10.20.100.220   10.26.10.200    MM_NO_STATE          0    0 ACTIVE (deleted)
    10.20.100.220   10.26.10.200    MM_NO_STATE          0    0 ACTIVE (deleted)
    10.20.100.221   10.26.10.250    PEER_DISCOVERY       0    0 ACTIVE
    10.20.100.221   10.26.10.250    PEER_DISCOVERY       0    0 ACTIVE
    10.20.100.221   10.26.10.250    MM_NO_STATE          0    0 ACTIVE (deleted)
    10.20.100.221   10.26.10.250    MM_NO_STATE          0    0 ACTIVE (deleted)
    10.20.100.15    10.26.10.230    PEER_DISCOVERY       0    0 ACTIVE
    10.20.100.15    10.26.10.230    MM_NO_STATE          0    0 ACTIVE (deleted)
    10.20.100.15    10.26.10.230    MM_NO_STATE          0    0 ACTIVE (deleted)



The branch VPN configuration is:


    crypto isakmp policy 10
     authentication pre-share
    crypto isakmp key ****** address 0.0.0.0 0.0.0.0
    crypto isakmp keepalive 10
    !
    !
    crypto ipsec transform-set my-transform esp-3des esp-md5-hmac
    !
    crypto dynamic-map dyn-map 10
     set transform-set my-transform
     match address VPN-Traffic
    !
    !
    crypto map vpn local-address Loopback1
    crypto map vpn 10 ipsec-isakmp dynamic dyn-map discover
    !
    !
    !
    !
    interface Loopback1
     ip address 10.26.50.254 255.255.255.0

    interface Serial0/0/0.1 point-to-point
     ip address 192.168.10.50 255.255.255.252
     ip access-group TUB out
     frame-relay interface-dlci 16
     crypto map vpn
    !

    !
    interface Serial0/0/1.1 point-to-point
     ip address 192.168.20.50 255.255.255.252
     ip access-group TUB out
     frame-relay interface-dlci 50
     crypto map vpn

    ip access-list extended VPN-Traffic
     permit ip 10.26.10.0 0.0.0.255 10.20.100.0 0.0.0.255
     permit ip 10.26.10.0 0.0.0.255 10.20.200.0 0.0.0.255
     permit ip 10.26.10.0 0.0.0.255 10.20.150.0 0.0.0.255
     permit ip 10.26.10.0 0.0.0.255 10.20.30.0 0.0.0.255



It should give me only:


    branch#sh cry is sa
    dst             src             state          conn-id slot status
    10.20.112.1     10.26.50.254    QM_IDLE              2    0 ACTIVE


So is this a bug in the branch router IOS?

The version used is:

c2800nm-advipservicesk9-mz.124-3g.bin
