Hi

My H.O Firebox LAN segment is 172.29.32.0/24 which is connected to a Router(fa0/0) and Router fa0/1) is P.Q.0.0/16.

Topology is:

INTERNET

||

Firebox

|| 172.29.32.0/24

Router

|| P.Q.0.0/16

LAN

Hi

current outbound spi: 0

Why is it 0? inbound esp sas: and outbound esp sas: is blank, why is it so? is there any config mismatch?

RT#show cry ipse sa details

interface: FastEthernet0/1

Crypto map tag: SDM_CMAP_1, local addr. A.B.C.221

protected vrf:

local ident (addr/mask/prot/port): (172.29.08.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (172.29.32.0/255.255.255.0/0/0)

current_peer: X.Y.Z.34:500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0

#pkts not decompressed: 0, #pkts decompress failed: 0

#pkts no sa (send) 5, #pkts invalid sa (rcv) 0

#pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0

#pkts invalid prot (recv) 0, #pkts verify failed: 0

#pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0

#pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0

##pkts replay failed (rcv): 0

#pkts internal err (send): 0, #pkts internal err (recv) 0

local crypto endpt.: A.B.C.221, remote crypto endpt.: X.Y.Z.34

path mtu 1500, media mtu 1500

current outbound spi: 0 <<<==============================================????????

inbound esp sas: <<<==============================================????????

inbound ah sas:

inbound pcp sas:

outbound esp sas: <<<==============================================????????

outbound ah sas:

outbound pcp sas:

protected vrf:

local ident (addr/mask/prot/port): (172.29.08.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (P.Q.0.0/255.255.0.0/0/0)

current_peer: X.Y.Z.34:500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 558, #pkts encrypt: 558, #pkts digest: 558

#pkts decaps: 867, #pkts decrypt: 867, #pkts verify: 867

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0

#pkts not decompressed: 0, #pkts decompress failed: 0

#pkts no sa (send) 0, #pkts invalid sa (rcv) 0

#pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0

#pkts invalid prot (recv) 0, #pkts verify failed: 0

#pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0

#pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0

##pkts replay failed (rcv): 0

#pkts internal err (send): 0, #pkts internal err (recv) 0

local crypto endpt.: A.B.C.221, remote crypto endpt.: X.Y.Z.34

path mtu 1500, media mtu 1500

current outbound spi: D04DC07

inbound esp sas:

spi: 0xB3180750(3004696400)

transform: esp-3des esp-sha-hmac ,

in use settings ={Tunnel, }

slot: 0, conn id: 5135, flow_id: 15, crypto map: SDM_CMAP_1

crypto engine type: Hardware, engine_id: 2

sa timing: remaining key lifetime (k/sec): (7845/18360)

ike_cookies: 8F94B16A 3D3FEA1F 4DB5E41F B4C9E1FE

IV size: 8 bytes

replay detection support: Y

inbound ah sas:

inbound pcp sas:

outbound esp sas:

spi: 0xD04DC07(218422279)

transform: esp-3des esp-sha-hmac ,

in use settings ={Tunnel, }

slot: 0, conn id: 5136, flow_id: 16, crypto map: SDM_CMAP_1

crypto engine type: Hardware, engine_id: 2

sa timing: remaining key lifetime (k/sec): (7914/18354)

ike_cookies: 8F94B16A 3D3FEA1F 4DB5E41F B4C9E1FE

IV size: 8 bytes

replay detection support: Y

outbound ah sas:

outbound pcp sas:

RT#