06-21-2010 05:19 AM - edited 03-11-2019 11:01 AM
Hi,
I am facing issue with VPN in pix runnung 6.3..
When i "issue sh crypto is sa" it shows the state is in MM_ACTIVE, what may be the issue... ?
is it possible to check debug for one sa in pix running 6.3 image?
Regards
amar
06-21-2010 06:58 AM
Hi,
MM_ACTIVE or QM_IDLE are good messages in phase 1.
Is phase 2 getting built?
I believe the debug crypto condition is not an option in 6.3 to check only one peer.
Federico.
06-21-2010 09:23 AM
Dear Federico.
I have gone through som doc and it says that the 7.0 and later should have MM_ACTIVE but earlier version should have QM_IDLE.
Regards
Amar
06-21-2010 09:53 AM
Amar,
I think you're right but let's check the following:
Is phase 2 coming up?
Is is a site to site VPN between which other device?
Federico.
07-04-2010 07:51 AM
Hi,
I have opened a TAC and seems its memory leak issue..
when phase 1 try to estaiblish.. device is not able to allocate memory blocks..
when run debug, we found the error saying unable to allocate 2560 bytes block size.. and due to this every time phase 1 try to establish it hangs.. it shows multiple phase 1 session for same tunnle..
TAC Recommended to upgrade to next version, but we cant upgrade immediately as upgradation required memory upgrade..
Waiting for further response from TAC as he is troubleshooting the memory leak issue..
Regards
Amar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide