Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PIX 6.3 IPSEC VPN.. MM_ACTIVE

Hi,

I am facing issue with VPN in pix runnung 6.3..

When i "issue sh crypto is sa" it shows the state is in MM_ACTIVE, what may be the issue... ?

is it possible to check debug for one sa in pix running 6.3 image?

Regards

amar

4 REPLIES

Re: PIX 6.3 IPSEC VPN.. MM_ACTIVE

Hi,

MM_ACTIVE or QM_IDLE are good messages in phase 1.

Is phase 2 getting built?

I believe the debug crypto condition is not an option in 6.3 to check only one peer.

Federico.

Community Member

Re: PIX 6.3 IPSEC VPN.. MM_ACTIVE

Dear Federico.

I have gone through som doc and it says that the 7.0 and later should have MM_ACTIVE but earlier version should have QM_IDLE.

Regards

Amar

Re: PIX 6.3 IPSEC VPN.. MM_ACTIVE

Amar,

I think you're right but let's check the following:

Is phase 2 coming up?

Is is a site to site VPN between which other device?

Federico.

Community Member

Re: PIX 6.3 IPSEC VPN.. MM_ACTIVE

Hi,

I have opened a TAC and seems its memory leak issue..

when phase 1 try to estaiblish.. device is not able to allocate memory blocks..

when run debug, we found the error saying unable to allocate 2560 bytes block size.. and due to this every time phase 1 try to establish it hangs.. it shows multiple phase 1 session for same tunnle..

TAC Recommended to upgrade to next version, but we cant upgrade immediately as upgradation required memory upgrade..

Waiting for further response from TAC as he is troubleshooting the memory leak issue..

Regards

Amar

982
Views
0
Helpful
4
Replies
CreatePlease to create content