IPSec Tunnel Issue

Unanswered Question
Jul 14th, 2010

I have set up an IPSec tunnel between two peers.  Below is the result of ip cry sa:


interface: outside
    Crypto map tag: outside_map, local addr. 192.200.222.16

   local  ident (addr/mask/prot/port): (FW_SEGMENT/255.255.240.0/0/0)
   remote ident (addr/mask/prot/port): (EDS_FW_SEGMENT/255.255.255.0/0/0)
   current_peer: EDSFW:500
   dynamic allocated peer ip: 0.0.0.0

     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 446, #pkts encrypt: 446, #pkts digest 446
    #pkts decaps: 377, #pkts decrypt: 377, #pkts verify 377
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
    #send errors 34531, #recv errors 0

     local crypto endpt.: 192.200.222.16, remote crypto endpt.: EDSFW
     path mtu 1500, ipsec overhead 56, media mtu 1500
     current outbound spi: 0

     inbound esp sas:


     inbound ah sas:


     inbound pcp sas:


     outbound esp sas:


     outbound ah sas:


     outbound pcp sas:



On the other peer there is something below in inbound esp sas and outbound but obviously on this peer there is not.  I am unable to ping from one peer to the other and the packet count has not increased once I run the command again.  Any ideas?

Marcin Latosiewicz (Cisco Employee) Wed, 07/14/2010 - 12:10

Phase 2 IPsec is not up.

The counters for encaps decaps are historic.


There are a lot of possibilities why this can happen. Debug cry isa and debug crypto ipsec will tell you more.
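
As an added example (not part of the original thread), this Python script parses output in the format posted above and reports the signs the reply points to: an outbound SPI of 0, empty SA lists, and encaps/decaps counters that do not move between two runs of the command. The sample text is constructed from the post, and the `spi: 0x...` SA entry format used in the "up" sample is an assumption.

```python
import re

# Constructed sample, abridged from the output format shown in the post.
DOWN = """\
    #pkts encaps: 446, #pkts encrypt: 446, #pkts digest 446
    #pkts decaps: 377, #pkts decrypt: 377, #pkts verify 377
    #send errors 34531, #recv errors 0
     current outbound spi: 0
     inbound esp sas:

     outbound esp sas:

"""
# Constructed "tunnel up" sample; the "spi: 0x..." entry format is an assumption.
UP = DOWN.replace("spi: 0\n", "spi: 0x2f1c9a07\n").replace(
    "esp sas:\n", "esp sas:\n      spi: 0x2f1c9a07(790403591)\n")

def parse_sa(text):
    """Pull out the counters, the outbound SPI and the number of SAs per list."""
    info = {"counters": {}, "sas": {}, "outbound_spi": 0}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        head = re.match(r"(inbound|outbound) (esp|ah|pcp) sas:$", line)
        spi = re.match(r"current outbound spi:\s*(\S+)", line)
        if head:
            section = head.group(0)[:-1]          # e.g. "inbound esp sas"
            info["sas"][section] = 0
        elif spi:
            info["outbound_spi"] = int(spi.group(1), 16)
        elif section and re.match(r"spi:\s*0x[0-9a-fA-F]+", line):
            info["sas"][section] += 1             # one installed SA in this list
        for name, val in re.findall(r"#(?:pkts )?([a-z. ]+?):? (\d+)", line):
            info["counters"][name] = int(val)
    return info

def findings(snap, later=None):
    """Return the reasons this output indicates Phase 2 is not up."""
    out = []
    if snap["outbound_spi"] == 0:
        out.append("outbound SPI is 0")
    if sum(snap["sas"].values()) == 0:
        out.append("no SAs installed")
    if later:  # second run of the command, taken while sending traffic
        a, b = snap["counters"], later["counters"]
        if a["encaps"] == b["encaps"] and a["decaps"] == b["decaps"]:
            out.append("encaps/decaps counters are historic")
    return out
```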
