- Cisco Community
- Technology and Support
- Security
- Network Security
- S2S VPN is up, but traffic doesn't flow...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
S2S VPN is up, but traffic doesn't flow...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2013 03:39 PM - edited 03-11-2019 08:13 PM
Ran the following. Note that routable IP addresses and locations have been censored.
VPN-ASA5505# packet-tracer input inside icmp 10.162.99.151 0 0 10.91.164.25
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside_access_in in interface inside
access-list inside_access_in extended permit ip object-group VPN_A_to_B object-group VPN_B_to_A
object-group network VPN_A_to_B
network-object 10.160.0.0 255.255.0.0
network-object 10.161.0.0 255.255.0.0
network-object 10.162.0.0 255.255.0.0
network-object 10.162.110.0 255.255.255.0
network-object 172.16.55.0 255.255.255.0
object-group network VPN_B_to_A
network-object 10.91.163.0 255.255.255.0
network-object 10.91.164.0 255.255.255.0
network-object 10.91.165.0 255.255.255.0
Additional Information:
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
match ip inside any outside any
NAT exempt
translate_hits = 81288, untranslate_hits = 691245
Additional Information:
Phase: 7
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any outside any
dynamic translation to pool 1 (208.4.152.36 [Interface PAT])
translate_hits = 0, untranslate_hits = 0
Additional Information:
Phase: 8
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any inside any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
Additional Information:
Phase: 9
Type: VPN
Subtype: encrypt
Result: ALLOW
Config:
Additional Information:
Phase: 10
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 1893817, packet dispatched to next module
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
VPN-ASA5505#
VPN-ASA5505# packet-tracer input outside icmp 10.91.164.25 0 0 10.162.99.151
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 10.162.99.0 255.255.255.0 inside
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside_access_in in interface outside
access-list outside_access_in extended permit ip object-group VPN_B_to_A object-group VPN_A_to_B
object-group network VPN_B_to_A
network-object 10.91.163.0 255.255.255.0
network-object 10.91.164.0 255.255.255.0
network-object 10.91.165.0 255.255.255.0
object-group network VPN_A_to_B
network-object 10.160.0.0 255.255.0.0
network-object 10.161.0.0 255.255.0.0
network-object 10.162.0.0 255.255.0.0
network-object 10.162.110.0 255.255.255.0
network-object 172.16.55.0 255.255.255.0
Additional Information:
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: NAT-EXEMPT
Subtype: rpf-check
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any outside any
dynamic translation to pool 1 (208.4.152.36 [Interface PAT])
translate_hits = 0, untranslate_hits = 0
Additional Information:
Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 1893849, packet dispatched to next module
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: allow
VPN-ASA5505#
VPN-ASA5505# sh crypto ipsec sa peer <IP>
peer address: <IP>
Crypto map tag: outside_map, seq num: 9, local addr: <IP>
access-list outside_9_cryptomap extended permit ip 172.16.55.0 255.255.255.0 10.91.164.0 255.255.255.0
local ident (addr/mask/prot/port): (172.16.55.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.91.164.0/255.255.255.0/0/0)
current_peer: <IP>
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 377, #pkts decrypt: 377, #pkts verify: 377
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: <IP>, remote crypto endpt.: <IP>
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: FF521486
current inbound spi : 87986571
inbound esp sas:
spi: 0x87986571 (2274911601)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 1716224, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4373977/25122)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xFF521486 (4283569286)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 1716224, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4374000/25122)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: outside_map, seq num: 9, local addr: 208.4.152.36
access-list outside_9_cryptomap extended permit ip 10.162.0.0 255.255.0.0 10.91.164.0 255.255.255.0
local ident (addr/mask/prot/port): (10.162.110.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.91.164.0/255.255.255.0/0/0)
current_peer: <IP>
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 668, #pkts decrypt: 668, #pkts verify: 668
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: <IP>, remote crypto endpt.: <IP>
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 6456F44A
current inbound spi : 208061FC
inbound esp sas:
spi: 0x208061FC (545284604)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 1716224, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4373960/25123)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x6456F44A (1683420234)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 1716224, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4374000/25122)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
RELEVANT CONFIGURATION BITS:
crypto map outside_map 9 match address outside_9_cryptomap
crypto map outside_map 9 set peer <IP>
crypto map outside_map 9 set transform-set ESP-3DES-SHA ESP-DES-MD5
access-list outside_9_cryptomap extended permit ip object-group VPN_A_to_B object-group VPN_B_to_A
object-group network VPN_A_to_B
network-object 10.160.0.0 255.255.0.0
network-object 10.161.0.0 255.255.0.0
network-object 10.162.0.0 255.255.0.0
network-object 10.162.110.0 255.255.255.0
network-object 172.16.55.0 255.255.255.0
object-group network VPN_B_to_A
network-object 10.91.163.0 255.255.255.0
network-object 10.91.164.0 255.255.255.0
network-object 10.91.165.0 255.255.255.0
access-list inside_access_in extended permit ip object-group VPN_A_to_B object-group VPN_B_to_A
access-list outside_access_in extended permit ip object-group VPN_B_to_A object-group VPN_A_to_B
interface Vlan100
description Access to Lan
nameif inside
security-level 100
ip address 10.161.0.70 255.255.0.0
ospf cost 10
interface Vlan200
description Access to Internet
nameif outside
security-level 0
ip address <IP> 255.255.255.224
ospf cost 10
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
crypto map outside_map interface outside
Ping statistics for 10.91.164.25:
Packets: Sent = 253, Received = 0, Lost = 253 (100% loss),
Control-C
^C
nat (inside) 0 access-list NONAT
nat (inside) 1 0.0.0.0 0.0.0.0
access-list NONAT remark Exemption for VPN A-B
access-list NONAT extended permit ip object-group VPN_A_to_B object-group VPN_B_to_A
It *LOOKS* like this should work, but for whatever reason, I still can't ping 10.91.164.25 from my 10.162.99.151 IP. Any assistance would be great! Thanks, in advance.
- Labels:
-
NGFW Firewalls
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2013 08:02 PM
Hello Budy,
First of all based on the sysopt permit connection-vpn this is not needed:
access-list outside_access_in extended permit ip object-group VPN_B_to_A object-group VPN_A_to_B
I would also would like to see the routing (Just make sure you do not have some sort of route inside 10.0.0.0 255.0.0.0 buddy)
Now the most important part 'What version are you running"
Could be a duplicate SPI issue.
Check my blog and read about this and also enroll to get networking updates every week bud
I created that one just for issues like yours hehe,
Regards,
Jcarvaja
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2013 07:55 AM
It sure looks like that is the issue. Does the rest of the configuration look like it should work?
VPN-ASA5505# packet-tracer input inside udp 10.162.99.251 1610 10.91.164.25 33$
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside_access_in in interface inside
access-list inside_access_in extended permit ip object-group VPN_DC_to_Noida object-group VPN_Noida_to_DC
object-group network VPN_DC_to_Noida
network-object 10.160.0.0 255.255.0.0
network-object 10.161.0.0 255.255.0.0
network-object 10.162.0.0 255.255.0.0
network-object 10.162.110.0 255.255.255.0
network-object 172.16.55.0 255.255.255.0
object-group network VPN_Noida_to_DC
network-object 10.91.163.0 255.255.255.0
network-object 10.91.164.0 255.255.255.0
network-object 10.91.165.0 255.255.255.0
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd843eef8, priority=12, domain=permit, deny=false
hits=3, user_data=0xd64ea8d0, cs_id=0x0, flags=0x0, protocol=0
src ip=10.162.0.0, mask=255.255.0.0, port=0
dst ip=10.91.164.0, mask=255.255.255.0, port=0, dscp=0x0
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd8237d98, priority=0, domain=inspect-ip-options, deny=true
hits=131549, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 5
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
match ip inside any outside any
NAT exempt
translate_hits = 6411, untranslate_hits = 43025
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd839d8f0, priority=6, domain=nat-exempt, deny=false
hits=6837, user_data=0xd839d830, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 6
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any outside any
dynamic translation to pool 1 (208.4.152.36 [Interface PAT])
translate_hits = 0, untranslate_hits = 0
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd841bb60, priority=1, domain=nat, deny=false
hits=14938, user_data=0xd841baa0, cs_id=0x0, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 7
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any inside any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd841b6b0, priority=1, domain=host, deny=false
hits=132965, user_data=0xd841b298, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 8
Type: VPN
Subtype: encrypt
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
out id=0xda1558c8, priority=70, domain=encrypt, deny=false
hits=3, user_data=0x63fe24, cs_id=0xd8d07368, reverse, flags=0x0, protocol=0
src ip=10.162.0.0, mask=255.255.0.0, port=0
dst ip=10.91.164.0, mask=255.255.255.0, port=0, dscp=0x0
Phase: 9
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xda14ee48, priority=69, domain=ipsec-tunnel-flow, deny=false
hits=1, user_data=0x643484, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=10.91.164.0, mask=255.255.255.0, port=0
dst ip=10.162.0.0, mask=255.255.0.0, port=0, dscp=0x0
Phase: 10
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xd8286c88, priority=0, domain=inspect-ip-options, deny=true
hits=75389, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 11
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 134102, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_adjacency
snp_fp_encrypt
snp_fp_fragment
snp_ifc_stat
Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_ipsec_tunnel_flow
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
VPN-ASA5505# packet-tracer input inside udp 10.162.99.251 1610 10.91.164.25 33$
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside_access_in in interface inside
access-list inside_access_in extended permit ip object-group VPN_DC_to_Noida object-group VPN_Noida_to_DC
object-group network VPN_DC_to_Noida
network-object 10.160.0.0 255.255.0.0
network-object 10.161.0.0 255.255.0.0
network-object 10.162.0.0 255.255.0.0
network-object 10.162.110.0 255.255.255.0
network-object 172.16.55.0 255.255.255.0
object-group network VPN_Noida_to_DC
network-object 10.91.163.0 255.255.255.0
network-object 10.91.164.0 255.255.255.0
network-object 10.91.165.0 255.255.255.0
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd843eef8, priority=12, domain=permit, deny=false
hits=4, user_data=0xd64ea8d0, cs_id=0x0, flags=0x0, protocol=0
src ip=10.162.0.0, mask=255.255.0.0, port=0
dst ip=10.91.164.0, mask=255.255.255.0, port=0, dscp=0x0
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd8237d98, priority=0, domain=inspect-ip-options, deny=true
hits=131558, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 5
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
match ip inside any outside any
NAT exempt
translate_hits = 6412, untranslate_hits = 43028
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd839d8f0, priority=6, domain=nat-exempt, deny=false
hits=6838, user_data=0xd839d830, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 6
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any outside any
dynamic translation to pool 1 (208.4.152.36 [Interface PAT])
translate_hits = 0, untranslate_hits = 0
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd841bb60, priority=1, domain=nat, deny=false
hits=14939, user_data=0xd841baa0, cs_id=0x0, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 7
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any inside any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd841b6b0, priority=1, domain=host, deny=false
hits=132974, user_data=0xd841b298, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 8
Type: VPN
Subtype: encrypt
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
out id=0xda1558c8, priority=70, domain=encrypt, deny=false
hits=4, user_data=0x63fe24, cs_id=0xd8d07368, reverse, flags=0x0, protocol=0
src ip=10.162.0.0, mask=255.255.0.0, port=0
dst ip=10.91.164.0, mask=255.255.255.0, port=0, dscp=0x0
Phase: 9
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xda14ee48, priority=69, domain=ipsec-tunnel-flow, deny=false
hits=2, user_data=0x643484, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=10.91.164.0, mask=255.255.255.0, port=0
dst ip=10.162.0.0, mask=255.255.0.0, port=0, dscp=0x0
Phase: 10
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xd8286c88, priority=0, domain=inspect-ip-options, deny=true
hits=75393, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 11
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 134111, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_adjacency
snp_fp_encrypt
snp_fp_fragment
snp_ifc_stat
Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_ipsec_tunnel_flow
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
VPN-ASA5505# sh asp table vpn-context detail
VPN CTX = 0x00643484
Peer IP = 10.91.164.0
Pointer = 0xDA14ED00
State = UP
Flags = DECR+ESP
SA = 0x0213DEE1
SPI = 0xADB2D6B7
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0063FE24
Peer IP = 10.91.164.0
Pointer = 0xDA03AE08
State = UP
Flags = ENCR+ESP
SA = 0x0217DAC7
SPI = 0xFA97197C
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x00633CAC
Peer IP = 10.91.136.0
Pointer = 0xD8293A68
State = UP
Flags = DECR+ESP
SA = 0x020E7AEB
SPI = 0xE8909724
Group = 0
Pkts = 13
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0062EDEC
Peer IP = 10.91.136.0
Pointer = 0xD52A7478
State = UP
Flags = ENCR+ESP
SA = 0x02102049
SPI = 0x67EBB1F3
Group = 0
Pkts = 14
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x00626E94
Peer IP = 10.91.130.0
Pointer = 0xDA033528
State = UP
Flags = DECR+ESP
SA = 0x020A9165
SPI = 0xE7FDBBA6
Group = 0
Pkts = 8
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x00619674
Peer IP = 10.91.130.0
Pointer = 0xD9FFF498
State = UP
Flags = ENCR+ESP
SA = 0x020CDE3B
SPI = 0x1906B5D4
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0061443C
Peer IP = 10.44.32.0
Pointer = 0xD9FFBF50
State = UP
Flags = DECR+ESP
SA = 0x0206A0CF
SPI = 0x0608A58C
Group = 3
Pkts = 34711
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x006099BC
Peer IP = 10.44.32.0
Pointer = 0xDA155390
State = UP
Flags = ENCR+ESP
SA = 0x0209BA5D
SPI = 0x1507684A
Group = 2
Pkts = 34973
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x006027A4
Peer IP = 10.44.7.1
Pointer = 0xDA1B1AF0
State = UP
Flags = DECR+ESP
SA = 0x020263A9
SPI = 0x7BB8C07E
Group = 0
Pkts = 104
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x005FC9C4
Peer IP = 10.44.7.1
Pointer = 0xDA030E88
State = UP
Flags = ENCR+ESP
SA = 0x02041D2F
SPI = 0x40450462
Group = 2
Pkts = 89
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x005F72CC
Peer IP = 10.220.1.0
Pointer = 0xDA026910
State = UP
Flags = DECR+ESP
SA = 0x01FF7073
SPI = 0xA7DC842C
Group = 2
Pkts = 2827
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x005EA88C
Peer IP = 10.220.1.0
Pointer = 0xDA1265C0
State = UP
Flags = ENCR+ESP
SA = 0x02001B31
SPI = 0x4474DC03
Group = 1
Pkts = 1435
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x005C56C4
Peer IP = 10.44.7.2
Pointer = 0xD9FECA90
State = UP
Flags = DECR+ESP
SA = 0x01EE5CFB
SPI = 0xAF7E36EF
Group = 0
Pkts = 146
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x005BC164
Peer IP = 10.44.7.2
Pointer = 0xD9FF4168
State = UP
Flags = ENCR+ESP
SA = 0x01F04119
SPI = 0x9855873B
Group = 0
Pkts = 136
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0055549C
Peer IP = 10.220.2.0
Pointer = 0xDA162430
State = UP
Flags = DECR+ESP
SA = 0x01CE9B0B
SPI = 0x20FF2219
Group = 26
Pkts = 93927
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0054AF9C
Peer IP = 10.220.2.0
Pointer = 0xD9FF7E88
State = UP
Flags = ENCR+ESP
SA = 0x01D18DE9
SPI = 0xE1549AE6
Group = 25
Pkts = 92151
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x00533D2C
Peer IP = 10.220.1.0
Pointer = 0xD82911B0
State = UP
Flags = DECR+ESP
SA = 0x01C49FCF
SPI = 0xFBF66CBF
Group = 2
Pkts = 10769
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0052A06C
Peer IP = 10.220.1.0
Pointer = 0xD9F8F758
State = UP
Flags = ENCR+ESP
SA = 0x01C6FEEF
SPI = 0x775312F9
Group = 1
Pkts = 10776
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x00513CBC
Peer IP = 10.91.164.0
Pointer = 0xDA0C5FA0
State = UP
Flags = DECR+ESP
SA = 0x01B707F7
SPI = 0x1280DD3B
Group = 1
Pkts = 2183
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0050A43C
Peer IP = 10.91.164.0
Pointer = 0xDA0B9C90
State = UP
Flags = ENCR+ESP
SA = 0x01B9D665
SPI = 0xFE35483C
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x004D40DC
Peer IP = 10.44.0.0
Pointer = 0xDA125E98
State = UP
Flags = DECR+ESP
SA = 0x01A35B59
SPI = 0xDAA5975E
Group = 2
Pkts = 74
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x004CA4DC
Peer IP = 10.44.0.0
Pointer = 0xDA1A5348
State = UP
Flags = ENCR+ESP
SA = 0x01A5331F
SPI = 0xACC5CD12
Group = 0
Pkts = 76
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x004C6B44
Peer IP = 10.44.0.0
Pointer = 0xD9F90D20
State = UP
Flags = DECR+ESP
SA = 0x018C277B
SPI = 0x89932C55
Group = 2
Pkts = 3380
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x004BD7E4
Peer IP = 10.44.0.0
Pointer = 0xD9F89578
State = UP
Flags = ENCR+ESP
SA = 0x0191AB89
SPI = 0xF6D0AFAE
Group = 1
Pkts = 2679
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x004960FC
Peer IP = 10.44.100.0
Pointer = 0xD9FFD888
State = UP
Flags = DECR+ESP
SA = 0x0159FFD5
SPI = 0xFD468F18
Group = 0
Pkts = 10098
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0048B17C
Peer IP = 10.44.100.0
Pointer = 0xD9FFDAE8
State = UP
Flags = ENCR+ESP
SA = 0x015AB57D
SPI = 0xA206BB67
Group = 0
Pkts = 7674
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x00484664
Peer IP = 10.44.100.0
Pointer = 0xD9FF9150
State = UP
Flags = DECR+ESP
SA = 0x0155D7E7
SPI = 0xEF56BBCD
Group = 9
Pkts = 19295
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0047AB84
Peer IP = 10.44.100.0
Pointer = 0xD9EA5290
State = UP
Flags = ENCR+ESP
SA = 0x01573127
SPI = 0x3625A1C1
Group = 8
Pkts = 16735
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0047438C
Peer IP = 10.44.0.0
Pointer = 0xDA039328
State = UP
Flags = DECR+ESP
SA = 0x01507929
SPI = 0xBF3AF5AC
Group = 21
Pkts = 12495
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0046C44C
Peer IP = 10.44.0.0
Pointer = 0xD9FF1C70
State = UP
Flags = ENCR+ESP
SA = 0x0153F641
SPI = 0xBA63F117
Group = 20
Pkts = 11856
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x002F044C
Peer IP = 10.63.32.0
Pointer = 0xD9FF1E38
State = UP
Flags = DECR+ESP
SA = 0x01F33771
SPI = 0x13C4F063
Group = 61
Pkts = 49853
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x002E900C
Peer IP = 10.63.32.0
Pointer = 0xD9FEDB70
State = UP
Flags = ENCR+ESP
SA = 0x01F53957
SPI = 0x119AC0E7
Group = 61
Pkts = 53286
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00265B74
Peer IP = 10.91.64.0
Pointer = 0xDA1B2630
State = UP
Flags = DECR+ESP+NATT
SA = 0x01A617FF
SPI = 0x28ACA589
Group = 1
Pkts = 19963
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x0025AAD4
Peer IP = 10.91.64.0
Pointer = 0xDA1B2F98
State = UP
Flags = ENCR+ESP+NATT
SA = 0x01A819CD
SPI = 0xD7BBC875
Group = 1
Pkts = 18126
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x001D7A5C
Peer IP = 10.91.128.0
Pointer = 0xDA161F10
State = UP
Flags = DECR+ESP
SA = 0x019ED4A3
SPI = 0x0D637CA2
Group = 1
Pkts = 318
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x001CD45C
Peer IP = 10.91.128.0
Pointer = 0xDA162708
State = UP
Flags = ENCR+ESP
SA = 0x01A063A1
SPI = 0x958B9AC7
Group = 0
Pkts = 318
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00196A7C
Peer IP = 10.91.129.0
Pointer = 0xDA02FC20
State = UP
Flags = DECR+ESP
SA = 0x019AB65D
SPI = 0x0FA4A5E4
Group = 0
Pkts = 977
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x0018F0FC
Peer IP = 10.91.129.0
Pointer = 0xDA1594F0
State = UP
Flags = ENCR+ESP
SA = 0x019C2BD3
SPI = 0x0D4E5B16
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x0017350C
Peer IP = 10.91.128.0
Pointer = 0xDA152440
State = UP
Flags = DECR+ESP
SA = 0x0193A921
SPI = 0x5E6A678B
Group = 0
Pkts = 31905
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00168BCC
Peer IP = 10.91.128.0
Pointer = 0xDA152C88
State = UP
Flags = ENCR+ESP
SA = 0x01954147
SPI = 0x9B23DB3E
Group = 0
Pkts = 33150
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x001657F4
Peer IP = 10.91.139.0
Pointer = 0xDA0BBE98
State = UP
Flags = DECR+ESP
SA = 0x0185526F
SPI = 0xAE1EC6F8
Group = 3
Pkts = 14050
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x0015C954
Peer IP = 10.91.139.0
Pointer = 0xDA14DED0
State = UP
Flags = ENCR+ESP
SA = 0x0187CD0F
SPI = 0x1ED29AF3
Group = 3
Pkts = 14035
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00143B04
Peer IP = 10.91.130.0
Pointer = 0xDA122350
State = UP
Flags = DECR+ESP
SA = 0x01790605
SPI = 0xEE61139B
Group = 0
Pkts = 20426
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00138EA4
Peer IP = 10.91.130.0
Pointer = 0xDA122B08
State = UP
Flags = ENCR+ESP
SA = 0x017AF7ED
SPI = 0x788655BD
Group = 0
Pkts = 20912
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00133F2C
Peer IP = 10.91.132.0
Pointer = 0xDA106018
State = UP
Flags = DECR+ESP
SA = 0x01740697
SPI = 0xCAC6CF48
Group = 0
Pkts = 6634
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x0012EA6C
Peer IP = 10.91.132.0
Pointer = 0xDA0C8B78
State = UP
Flags = ENCR+ESP
SA = 0x0176B217
SPI = 0xF6FE2BB4
Group = 0
Pkts = 7875
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00120D14
Peer IP = 10.91.129.0
Pointer = 0xDA103590
State = UP
Flags = DECR+ESP
SA = 0x0169756D
SPI = 0x55EAD4F1
Group = 3
Pkts = 2722
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00119EF4
Peer IP = 10.91.129.0
Pointer = 0xDA104C80
State = UP
Flags = ENCR+ESP
SA = 0x016A1735
SPI = 0x392E23FD
Group = 2
Pkts = 1401
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00111EBC
Peer IP = 10.91.128.0
Pointer = 0xDA103838
State = UP
Flags = DECR+ESP
SA = 0x01707C59
SPI = 0x8E9F9D26
Group = 7
Pkts = 1687
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x0010CE3C
Peer IP = 10.91.128.0
Pointer = 0xDA102DF0
State = UP
Flags = ENCR+ESP
SA = 0x0173F1B1
SPI = 0x46AE776C
Group = 6
Pkts = 1345
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00105E24
Peer IP = 10.91.138.0
Pointer = 0xDA0C9080
State = UP
Flags = DECR+ESP
SA = 0x016C37CB
SPI = 0x60ACB345
Group = 2
Pkts = 13878
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000FCA44
Peer IP = 10.91.138.0
Pointer = 0xDA0C9960
State = UP
Flags = ENCR+ESP
SA = 0x016F7D3B
SPI = 0x053ED1FE
Group = 1
Pkts = 14643
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000F254C
Peer IP = 10.91.129.0
Pointer = 0xDA0C3A40
State = UP
Flags = DECR+ESP
SA = 0x01622C79
SPI = 0x7DF6662D
Group = 1
Pkts = 23347
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000E950C
Peer IP = 10.91.129.0
Pointer = 0xDA0C52A0
State = UP
Flags = ENCR+ESP
SA = 0x01671E1F
SPI = 0xF3F7E4E0
Group = 0
Pkts = 23837
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000E3E34
Peer IP = 10.91.132.0
Pointer = 0xDA0C3D30
State = UP
Flags = DECR+ESP
SA = 0x01614541
SPI = 0xBD2B550C
Group = 32
Pkts = 923596
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000DE094
Peer IP = 10.91.132.0
Pointer = 0xDA0C2180
State = UP
Flags = ENCR+ESP
SA = 0x0165FDBF
SPI = 0x3F4388C7
Group = 31
Pkts = 904728
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000D62DC
Peer IP = 10.91.128.0
Pointer = 0xDA0BD3C0
State = UP
Flags = DECR+ESP
SA = 0x015D8C73
SPI = 0x8059E184
Group = 6
Pkts = 15359
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000C8EDC
Peer IP = 10.91.128.0
Pointer = 0xDA0C0198
State = UP
Flags = ENCR+ESP
SA = 0x015FB8C3
SPI = 0xEEEF77FF
Group = 5
Pkts = 15937
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000C3D44
Peer IP = 10.44.32.0
Pointer = 0xDA0003C0
State = UP
Flags = DECR+ESP
SA = 0x014C941B
SPI = 0xEBFD2A94
Group = 0
Pkts = 1008
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000BB1E4
Peer IP = 10.44.32.0
Pointer = 0xD9FFD958
State = UP
Flags = ENCR+ESP
SA = 0x014F2B4B
SPI = 0x964FB7B7
Group = 0
Pkts = 365
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000B676C
Peer IP = 10.91.64.0
Pointer = 0xD9FFF670
State = UP
Flags = DECR+ESP+NATT
SA = 0x0144350F
SPI = 0x5F901744
Group = 79
Pkts = 933580
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 2
VPN Filter =
VPN CTX = 0x000A8BAC
Peer IP = 10.91.64.0
Pointer = 0xD9FFED18
State = UP
Flags = ENCR+ESP+NATT
SA = 0x01470B2F
SPI = 0xA924A212
Group = 79
Pkts = 910340
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000942FC
Peer IP = 10.44.32.0
Pointer = 0xD9FF8AF0
State = UP
Flags = DECR+ESP
SA = 0x013DEEC3
SPI = 0x42DEC9D7
Group = 108
Pkts = 63000
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 2
VPN Filter =
VPN CTX = 0x0008DB7C
Peer IP = 10.44.32.0
Pointer = 0xD9FF6AE0
State = UP
Flags = ENCR+ESP
SA = 0x013FF4D3
SPI = 0x43446E43
Group = 107
Pkts = 63536
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00061474
Peer IP = 10.91.0.0
Pointer = 0xD9FEFD60
State = UP
Flags = DECR+ESP+NATT
SA = 0x0139E5A5
SPI = 0xBAECD83E
Group = 16
Pkts = 85603
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 2
VPN Filter =
VPN CTX = 0x0005A7D4
Peer IP = 10.91.0.0
Pointer = 0xD9FEEC00
State = UP
Flags = ENCR+ESP+NATT
SA = 0x013AEF0D
SPI = 0xDC14CB43
Group = 17
Pkts = 151292
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00037FAC
Peer IP = 10.91.64.0
Pointer = 0xD9F83900
State = UP
Flags = DECR+ESP+NATT
SA = 0x0130A1F9
SPI = 0xA9BC211E
Group = 6
Pkts = 83459
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x0002DCEC
Peer IP = 10.91.64.0
Pointer = 0xD9F84148
State = UP
Flags = ENCR+ESP+NATT
SA = 0x0132B6D1
SPI = 0xADFA2803
Group = 6
Pkts = 101794
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00023994
Peer IP = 10.91.0.0
Pointer = 0xD9F92B88
State = UP
Flags = DECR+ESP+NATT
SA = 0x0128810D
SPI = 0xE311B8EA
Group = 4
Pkts = 7332
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 2
VPN Filter =
VPN CTX = 0x0001AD74
Peer IP = 10.91.0.0
Pointer = 0xD9F93F38
State = UP
Flags = ENCR+ESP+NATT
SA = 0x012ACA55
SPI = 0x8FAE7D5F
Group = 4
Pkts = 2924
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x0001573C
Peer IP = 10.91.0.0
Pointer = 0xDA043608
State = UP
Flags = DECR+ESP+NATT
SA = 0x0124F85F
SPI = 0xE6EE99CF
Group = 18
Pkts = 47491
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 2
VPN Filter =
VPN CTX = 0x000098BC
Peer IP = 10.91.0.0
Pointer = 0xD9EC2358
State = UP
Flags = ENCR+ESP+NATT
SA = 0x0126943F
SPI = 0x31E9EE64
Group = 18
Pkts = 53048
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN-ASA5505#
VPN-ASA5505# sh asp table vpn-context detail | begin
ERROR: % Incomplete command
VPN-ASA5505#
VPN-ASA5505# sh crypto ipsec sa peer 14.140.197.218
peer address: 14.140.197.218
Crypto map tag: outside_map, seq num: 9, local addr: 208.4.152.36
access-list outside_9_cryptomap extended permit ip 10.162.0.0 255.255.0.0 10.91.164.0 255.255.255.0
local ident (addr/mask/prot/port): (10.162.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (10.91.164.0/255.255.255.0/0/0)
current_peer: 14.140.197.218
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 208.4.152.36, remote crypto endpt.: 14.140.197.218
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: FA97197C
current inbound spi : ADB2D6B7
inbound esp sas:
spi: 0xADB2D6B7 (2914178743)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 49152, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4374000/27864)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
outbound esp sas:
spi: 0xFA97197C (4204206460)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 49152, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4374000/27864)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: outside_map, seq num: 9, local addr: 208.4.152.36
access-list outside_9_cryptomap extended permit ip 10.162.0.0 255.255.0.0 10.91.164.0 255.255.255.0
local ident (addr/mask/prot/port): (10.162.110.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.91.164.0/255.255.255.0/0/0)
current_peer: 14.140.197.218
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 2231, #pkts decrypt: 2231, #pkts verify: 2231
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 208.4.152.36, remote crypto endpt.: 14.140.197.218
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: FE35483C
current inbound spi : 1280DD3B
inbound esp sas:
spi: 0x1280DD3B (310435131)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 49152, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4373869/16513)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xFE35483C (4264904764)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 49152, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4374000/16512)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
VPN-ASA5505#
VPN-ASA5505#
VPN-ASA5505# sh crypto ipsec sa peer 14.140.197.218
peer address: 14.140.197.218
Crypto map tag: outside_map, seq num: 9, local addr: 208.4.152.36
access-list outside_9_cryptomap extended permit ip 10.162.0.0 255.255.0.0 10.91.164.0 255.255.255.0
local ident (addr/mask/prot/port): (10.162.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (10.91.164.0/255.255.255.0/0/0)
current_peer: 14.140.197.218
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 208.4.152.36, remote crypto endpt.: 14.140.197.218
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: FA97197C
current inbound spi : ADB2D6B7
inbound esp sas:
spi: 0xADB2D6B7 (2914178743)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 49152, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4374000/27202)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
outbound esp sas:
spi: 0xFA97197C (4204206460)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 49152, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4374000/27202)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: outside_map, seq num: 9, local addr: 208.4.152.36
access-list outside_9_cryptomap extended permit ip 10.162.0.0 255.255.0.0 10.91.164.0 255.255.255.0
local ident (addr/mask/prot/port): (10.162.110.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.91.164.0/255.255.255.0/0/0)
current_peer: 14.140.197.218
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 2351, #pkts decrypt: 2351, #pkts verify: 2351
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 208.4.152.36, remote crypto endpt.: 14.140.197.218
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: FE35483C
current inbound spi : 1280DD3B
inbound esp sas:
spi: 0x1280DD3B (310435131)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 49152, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4373862/15851)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xFE35483C (4264904764)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 49152, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4374000/15851)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
VPN-ASA5505# packet-tracer input inside udp 10.162.99.251 1610 10.91.164.25 33$
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside_access_in in interface inside
access-list inside_access_in extended permit ip object-group VPN_DC_to_Noida object-group VPN_Noida_to_DC
object-group network VPN_DC_to_Noida
network-object 10.160.0.0 255.255.0.0
network-object 10.161.0.0 255.255.0.0
network-object 10.162.0.0 255.255.0.0
network-object 10.162.110.0 255.255.255.0
network-object 172.16.55.0 255.255.255.0
object-group network VPN_Noida_to_DC
network-object 10.91.163.0 255.255.255.0
network-object 10.91.164.0 255.255.255.0
network-object 10.91.165.0 255.255.255.0
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd843eef8, priority=12, domain=permit, deny=false
hits=3, user_data=0xd64ea8d0, cs_id=0x0, flags=0x0, protocol=0
src ip=10.162.0.0, mask=255.255.0.0, port=0
dst ip=10.91.164.0, mask=255.255.255.0, port=0, dscp=0x0
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd8237d98, priority=0, domain=inspect-ip-options, deny=true
hits=131549, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 5
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
match ip inside any outside any
NAT exempt
translate_hits = 6411, untranslate_hits = 43025
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd839d8f0, priority=6, domain=nat-exempt, deny=false
hits=6837, user_data=0xd839d830, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 6
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any outside any
dynamic translation to pool 1 (208.4.152.36 [Interface PAT])
translate_hits = 0, untranslate_hits = 0
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd841bb60, priority=1, domain=nat, deny=false
hits=14938, user_data=0xd841baa0, cs_id=0x0, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 7
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any inside any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd841b6b0, priority=1, domain=host, deny=false
hits=132965, user_data=0xd841b298, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 8
Type: VPN
Subtype: encrypt
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
out id=0xda1558c8, priority=70, domain=encrypt, deny=false
hits=3, user_data=0x63fe24, cs_id=0xd8d07368, reverse, flags=0x0, protocol=0
src ip=10.162.0.0, mask=255.255.0.0, port=0
dst ip=10.91.164.0, mask=255.255.255.0, port=0, dscp=0x0
Phase: 9
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xda14ee48, priority=69, domain=ipsec-tunnel-flow, deny=false
hits=1, user_data=0x643484, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=10.91.164.0, mask=255.255.255.0, port=0
dst ip=10.162.0.0, mask=255.255.0.0, port=0, dscp=0x0
Phase: 10
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xd8286c88, priority=0, domain=inspect-ip-options, deny=true
hits=75389, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 11
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 134102, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_adjacency
snp_fp_encrypt
snp_fp_fragment
snp_ifc_stat
Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_ipsec_tunnel_flow
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
VPN-ASA5505# packet-tracer input inside udp 10.162.99.251 1610 10.91.164.25 33$
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside_access_in in interface inside
access-list inside_access_in extended permit ip object-group VPN_DC_to_Noida object-group VPN_Noida_to_DC
object-group network VPN_DC_to_Noida
network-object 10.160.0.0 255.255.0.0
network-object 10.161.0.0 255.255.0.0
network-object 10.162.0.0 255.255.0.0
network-object 10.162.110.0 255.255.255.0
network-object 172.16.55.0 255.255.255.0
object-group network VPN_Noida_to_DC
network-object 10.91.163.0 255.255.255.0
network-object 10.91.164.0 255.255.255.0
network-object 10.91.165.0 255.255.255.0
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd843eef8, priority=12, domain=permit, deny=false
hits=4, user_data=0xd64ea8d0, cs_id=0x0, flags=0x0, protocol=0
src ip=10.162.0.0, mask=255.255.0.0, port=0
dst ip=10.91.164.0, mask=255.255.255.0, port=0, dscp=0x0
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd8237d98, priority=0, domain=inspect-ip-options, deny=true
hits=131558, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 5
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
match ip inside any outside any
NAT exempt
translate_hits = 6412, untranslate_hits = 43028
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd839d8f0, priority=6, domain=nat-exempt, deny=false
hits=6838, user_data=0xd839d830, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 6
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any outside any
dynamic translation to pool 1 (208.4.152.36 [Interface PAT])
translate_hits = 0, untranslate_hits = 0
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd841bb60, priority=1, domain=nat, deny=false
hits=14939, user_data=0xd841baa0, cs_id=0x0, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 7
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
nat (inside) 1 0.0.0.0 0.0.0.0
match ip inside any inside any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd841b6b0, priority=1, domain=host, deny=false
hits=132974, user_data=0xd841b298, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 8
Type: VPN
Subtype: encrypt
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
out id=0xda1558c8, priority=70, domain=encrypt, deny=false
hits=4, user_data=0x63fe24, cs_id=0xd8d07368, reverse, flags=0x0, protocol=0
src ip=10.162.0.0, mask=255.255.0.0, port=0
dst ip=10.91.164.0, mask=255.255.255.0, port=0, dscp=0x0
Phase: 9
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xda14ee48, priority=69, domain=ipsec-tunnel-flow, deny=false
hits=2, user_data=0x643484, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=10.91.164.0, mask=255.255.255.0, port=0
dst ip=10.162.0.0, mask=255.255.0.0, port=0, dscp=0x0
Phase: 10
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xd8286c88, priority=0, domain=inspect-ip-options, deny=true
hits=75393, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 11
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 134111, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_adjacency
snp_fp_encrypt
snp_fp_fragment
snp_ifc_stat
Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_ipsec_tunnel_flow
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
VPN-ASA5505# sh asp table vpn-context detail | begin 0x643484
VPN-ASA5505# sh asp table vpn-context detail | begin 0x0
VPN CTX = 0x00643484
Peer IP = 10.91.164.0
Pointer = 0xDA14ED00
State = UP
Flags = DECR+ESP
SA = 0x0213DEE1
SPI = 0xADB2D6B7
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0063FE24
Peer IP = 10.91.164.0
Pointer = 0xDA03AE08
State = UP
Flags = ENCR+ESP
SA = 0x0217DAC7
SPI = 0xFA97197C
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x00633CAC
Peer IP = 10.91.136.0
Pointer = 0xD8293A68
State = UP
Flags = DECR+ESP
SA = 0x020E7AEB
SPI = 0xE8909724
Group = 0
Pkts = 13
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
VPN-ASA5505# sh asp table vpn-context detail
VPN CTX = 0x00643484
Peer IP = 10.91.164.0
Pointer = 0xDA14ED00
State = UP
Flags = DECR+ESP
SA = 0x0213DEE1
SPI = 0xADB2D6B7
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0063FE24
Peer IP = 10.91.164.0
Pointer = 0xDA03AE08
State = UP
Flags = ENCR+ESP
SA = 0x0217DAC7
SPI = 0xFA97197C
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x00633CAC
Peer IP = 10.91.136.0
Pointer = 0xD8293A68
State = UP
Flags = DECR+ESP
SA = 0x020E7AEB
SPI = 0xE8909724
Group = 0
Pkts = 13
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0062EDEC
Peer IP = 10.91.136.0
Pointer = 0xD52A7478
State = UP
Flags = ENCR+ESP
SA = 0x02102049
SPI = 0x67EBB1F3
Group = 0
Pkts = 14
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x00626E94
Peer IP = 10.91.130.0
Pointer = 0xDA033528
State = UP
Flags = DECR+ESP
SA = 0x020A9165
SPI = 0xE7FDBBA6
Group = 0
Pkts = 8
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x00619674
Peer IP = 10.91.130.0
Pointer = 0xD9FFF498
State = UP
Flags = ENCR+ESP
SA = 0x020CDE3B
SPI = 0x1906B5D4
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0061443C
Peer IP = 10.44.32.0
Pointer = 0xD9FFBF50
State = UP
Flags = DECR+ESP
SA = 0x0206A0CF
SPI = 0x0608A58C
Group = 3
Pkts = 34711
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x006099BC
Peer IP = 10.44.32.0
Pointer = 0xDA155390
State = UP
Flags = ENCR+ESP
SA = 0x0209BA5D
SPI = 0x1507684A
Group = 2
Pkts = 34973
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x006027A4
Peer IP = 10.44.7.1
Pointer = 0xDA1B1AF0
State = UP
Flags = DECR+ESP
SA = 0x020263A9
SPI = 0x7BB8C07E
Group = 0
Pkts = 104
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x005FC9C4
Peer IP = 10.44.7.1
Pointer = 0xDA030E88
State = UP
Flags = ENCR+ESP
SA = 0x02041D2F
SPI = 0x40450462
Group = 2
Pkts = 89
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x005F72CC
Peer IP = 10.220.1.0
Pointer = 0xDA026910
State = UP
Flags = DECR+ESP
SA = 0x01FF7073
SPI = 0xA7DC842C
Group = 2
Pkts = 2827
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x005EA88C
Peer IP = 10.220.1.0
Pointer = 0xDA1265C0
State = UP
Flags = ENCR+ESP
SA = 0x02001B31
SPI = 0x4474DC03
Group = 1
Pkts = 1435
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x005C56C4
Peer IP = 10.44.7.2
Pointer = 0xD9FECA90
State = UP
Flags = DECR+ESP
SA = 0x01EE5CFB
SPI = 0xAF7E36EF
Group = 0
Pkts = 146
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x005BC164
Peer IP = 10.44.7.2
Pointer = 0xD9FF4168
State = UP
Flags = ENCR+ESP
SA = 0x01F04119
SPI = 0x9855873B
Group = 0
Pkts = 136
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0055549C
Peer IP = 10.220.2.0
Pointer = 0xDA162430
State = UP
Flags = DECR+ESP
SA = 0x01CE9B0B
SPI = 0x20FF2219
Group = 26
Pkts = 93927
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0054AF9C
Peer IP = 10.220.2.0
Pointer = 0xD9FF7E88
State = UP
Flags = ENCR+ESP
SA = 0x01D18DE9
SPI = 0xE1549AE6
Group = 25
Pkts = 92151
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x00533D2C
Peer IP = 10.220.1.0
Pointer = 0xD82911B0
State = UP
Flags = DECR+ESP
SA = 0x01C49FCF
SPI = 0xFBF66CBF
Group = 2
Pkts = 10769
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0052A06C
Peer IP = 10.220.1.0
Pointer = 0xD9F8F758
State = UP
Flags = ENCR+ESP
SA = 0x01C6FEEF
SPI = 0x775312F9
Group = 1
Pkts = 10776
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x00513CBC
Peer IP = 10.91.164.0
Pointer = 0xDA0C5FA0
State = UP
Flags = DECR+ESP
SA = 0x01B707F7
SPI = 0x1280DD3B
Group = 1
Pkts = 2183
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0050A43C
Peer IP = 10.91.164.0
Pointer = 0xDA0B9C90
State = UP
Flags = ENCR+ESP
SA = 0x01B9D665
SPI = 0xFE35483C
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x004D40DC
Peer IP = 10.44.0.0
Pointer = 0xDA125E98
State = UP
Flags = DECR+ESP
SA = 0x01A35B59
SPI = 0xDAA5975E
Group = 2
Pkts = 74
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x004CA4DC
Peer IP = 10.44.0.0
Pointer = 0xDA1A5348
State = UP
Flags = ENCR+ESP
SA = 0x01A5331F
SPI = 0xACC5CD12
Group = 0
Pkts = 76
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x004C6B44
Peer IP = 10.44.0.0
Pointer = 0xD9F90D20
State = UP
Flags = DECR+ESP
SA = 0x018C277B
SPI = 0x89932C55
Group = 2
Pkts = 3380
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x004BD7E4
Peer IP = 10.44.0.0
Pointer = 0xD9F89578
State = UP
Flags = ENCR+ESP
SA = 0x0191AB89
SPI = 0xF6D0AFAE
Group = 1
Pkts = 2679
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x004960FC
Peer IP = 10.44.100.0
Pointer = 0xD9FFD888
State = UP
Flags = DECR+ESP
SA = 0x0159FFD5
SPI = 0xFD468F18
Group = 0
Pkts = 10098
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0048B17C
Peer IP = 10.44.100.0
Pointer = 0xD9FFDAE8
State = UP
Flags = ENCR+ESP
SA = 0x015AB57D
SPI = 0xA206BB67
Group = 0
Pkts = 7674
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x00484664
Peer IP = 10.44.100.0
Pointer = 0xD9FF9150
State = UP
Flags = DECR+ESP
SA = 0x0155D7E7
SPI = 0xEF56BBCD
Group = 9
Pkts = 19295
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0047AB84
Peer IP = 10.44.100.0
Pointer = 0xD9EA5290
State = UP
Flags = ENCR+ESP
SA = 0x01573127
SPI = 0x3625A1C1
Group = 8
Pkts = 16735
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0047438C
Peer IP = 10.44.0.0
Pointer = 0xDA039328
State = UP
Flags = DECR+ESP
SA = 0x01507929
SPI = 0xBF3AF5AC
Group = 21
Pkts = 12495
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x0046C44C
Peer IP = 10.44.0.0
Pointer = 0xD9FF1C70
State = UP
Flags = ENCR+ESP
SA = 0x0153F641
SPI = 0xBA63F117
Group = 20
Pkts = 11856
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter =
VPN CTX = 0x002F044C
Peer IP = 10.63.32.0
Pointer = 0xD9FF1E38
State = UP
Flags = DECR+ESP
SA = 0x01F33771
SPI = 0x13C4F063
Group = 61
Pkts = 49853
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x002E900C
Peer IP = 10.63.32.0
Pointer = 0xD9FEDB70
State = UP
Flags = ENCR+ESP
SA = 0x01F53957
SPI = 0x119AC0E7
Group = 61
Pkts = 53286
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00265B74
Peer IP = 10.91.64.0
Pointer = 0xDA1B2630
State = UP
Flags = DECR+ESP+NATT
SA = 0x01A617FF
SPI = 0x28ACA589
Group = 1
Pkts = 19963
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x0025AAD4
Peer IP = 10.91.64.0
Pointer = 0xDA1B2F98
State = UP
Flags = ENCR+ESP+NATT
SA = 0x01A819CD
SPI = 0xD7BBC875
Group = 1
Pkts = 18126
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x001D7A5C
Peer IP = 10.91.128.0
Pointer = 0xDA161F10
State = UP
Flags = DECR+ESP
SA = 0x019ED4A3
SPI = 0x0D637CA2
Group = 1
Pkts = 318
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x001CD45C
Peer IP = 10.91.128.0
Pointer = 0xDA162708
State = UP
Flags = ENCR+ESP
SA = 0x01A063A1
SPI = 0x958B9AC7
Group = 0
Pkts = 318
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00196A7C
Peer IP = 10.91.129.0
Pointer = 0xDA02FC20
State = UP
Flags = DECR+ESP
SA = 0x019AB65D
SPI = 0x0FA4A5E4
Group = 0
Pkts = 977
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x0018F0FC
Peer IP = 10.91.129.0
Pointer = 0xDA1594F0
State = UP
Flags = ENCR+ESP
SA = 0x019C2BD3
SPI = 0x0D4E5B16
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x0017350C
Peer IP = 10.91.128.0
Pointer = 0xDA152440
State = UP
Flags = DECR+ESP
SA = 0x0193A921
SPI = 0x5E6A678B
Group = 0
Pkts = 31905
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00168BCC
Peer IP = 10.91.128.0
Pointer = 0xDA152C88
State = UP
Flags = ENCR+ESP
SA = 0x01954147
SPI = 0x9B23DB3E
Group = 0
Pkts = 33150
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x001657F4
Peer IP = 10.91.139.0
Pointer = 0xDA0BBE98
State = UP
Flags = DECR+ESP
SA = 0x0185526F
SPI = 0xAE1EC6F8
Group = 3
Pkts = 14050
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x0015C954
Peer IP = 10.91.139.0
Pointer = 0xDA14DED0
State = UP
Flags = ENCR+ESP
SA = 0x0187CD0F
SPI = 0x1ED29AF3
Group = 3
Pkts = 14035
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00143B04
Peer IP = 10.91.130.0
Pointer = 0xDA122350
State = UP
Flags = DECR+ESP
SA = 0x01790605
SPI = 0xEE61139B
Group = 0
Pkts = 20426
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00138EA4
Peer IP = 10.91.130.0
Pointer = 0xDA122B08
State = UP
Flags = ENCR+ESP
SA = 0x017AF7ED
SPI = 0x788655BD
Group = 0
Pkts = 20912
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00133F2C
Peer IP = 10.91.132.0
Pointer = 0xDA106018
State = UP
Flags = DECR+ESP
SA = 0x01740697
SPI = 0xCAC6CF48
Group = 0
Pkts = 6634
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x0012EA6C
Peer IP = 10.91.132.0
Pointer = 0xDA0C8B78
State = UP
Flags = ENCR+ESP
SA = 0x0176B217
SPI = 0xF6FE2BB4
Group = 0
Pkts = 7875
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00120D14
Peer IP = 10.91.129.0
Pointer = 0xDA103590
State = UP
Flags = DECR+ESP
SA = 0x0169756D
SPI = 0x55EAD4F1
Group = 3
Pkts = 2722
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00119EF4
Peer IP = 10.91.129.0
Pointer = 0xDA104C80
State = UP
Flags = ENCR+ESP
SA = 0x016A1735
SPI = 0x392E23FD
Group = 2
Pkts = 1401
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00111EBC
Peer IP = 10.91.128.0
Pointer = 0xDA103838
State = UP
Flags = DECR+ESP
SA = 0x01707C59
SPI = 0x8E9F9D26
Group = 7
Pkts = 1687
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x0010CE3C
Peer IP = 10.91.128.0
Pointer = 0xDA102DF0
State = UP
Flags = ENCR+ESP
SA = 0x0173F1B1
SPI = 0x46AE776C
Group = 6
Pkts = 1345
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00105E24
Peer IP = 10.91.138.0
Pointer = 0xDA0C9080
State = UP
Flags = DECR+ESP
SA = 0x016C37CB
SPI = 0x60ACB345
Group = 2
Pkts = 13878
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000FCA44
Peer IP = 10.91.138.0
Pointer = 0xDA0C9960
State = UP
Flags = ENCR+ESP
SA = 0x016F7D3B
SPI = 0x053ED1FE
Group = 1
Pkts = 14643
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000F254C
Peer IP = 10.91.129.0
Pointer = 0xDA0C3A40
State = UP
Flags = DECR+ESP
SA = 0x01622C79
SPI = 0x7DF6662D
Group = 1
Pkts = 23347
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000E950C
Peer IP = 10.91.129.0
Pointer = 0xDA0C52A0
State = UP
Flags = ENCR+ESP
SA = 0x01671E1F
SPI = 0xF3F7E4E0
Group = 0
Pkts = 23837
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000E3E34
Peer IP = 10.91.132.0
Pointer = 0xDA0C3D30
State = UP
Flags = DECR+ESP
SA = 0x01614541
SPI = 0xBD2B550C
Group = 32
Pkts = 923596
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000DE094
Peer IP = 10.91.132.0
Pointer = 0xDA0C2180
State = UP
Flags = ENCR+ESP
SA = 0x0165FDBF
SPI = 0x3F4388C7
Group = 31
Pkts = 904728
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000D62DC
Peer IP = 10.91.128.0
Pointer = 0xDA0BD3C0
State = UP
Flags = DECR+ESP
SA = 0x015D8C73
SPI = 0x8059E184
Group = 6
Pkts = 15359
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000C8EDC
Peer IP = 10.91.128.0
Pointer = 0xDA0C0198
State = UP
Flags = ENCR+ESP
SA = 0x015FB8C3
SPI = 0xEEEF77FF
Group = 5
Pkts = 15937
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000C3D44
Peer IP = 10.44.32.0
Pointer = 0xDA0003C0
State = UP
Flags = DECR+ESP
SA = 0x014C941B
SPI = 0xEBFD2A94
Group = 0
Pkts = 1008
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000BB1E4
Peer IP = 10.44.32.0
Pointer = 0xD9FFD958
State = UP
Flags = ENCR+ESP
SA = 0x014F2B4B
SPI = 0x964FB7B7
Group = 0
Pkts = 365
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000B676C
Peer IP = 10.91.64.0
Pointer = 0xD9FFF670
State = UP
Flags = DECR+ESP+NATT
SA = 0x0144350F
SPI = 0x5F901744
Group = 79
Pkts = 933580
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 2
VPN Filter =
VPN CTX = 0x000A8BAC
Peer IP = 10.91.64.0
Pointer = 0xD9FFED18
State = UP
Flags = ENCR+ESP+NATT
SA = 0x01470B2F
SPI = 0xA924A212
Group = 79
Pkts = 910340
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x000942FC
Peer IP = 10.44.32.0
Pointer = 0xD9FF8AF0
State = UP
Flags = DECR+ESP
SA = 0x013DEEC3
SPI = 0x42DEC9D7
Group = 108
Pkts = 63000
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 2
VPN Filter =
VPN CTX = 0x0008DB7C
Peer IP = 10.44.32.0
Pointer = 0xD9FF6AE0
State = UP
Flags = ENCR+ESP
SA = 0x013FF4D3
SPI = 0x43446E43
Group = 107
Pkts = 63536
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00061474
Peer IP = 10.91.0.0
Pointer = 0xD9FEFD60
State = UP
Flags = DECR+ESP+NATT
SA = 0x0139E5A5
SPI = 0xBAECD83E
Group = 16
Pkts = 85603
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 2
VPN Filter =
VPN CTX = 0x0005A7D4
Peer IP = 10.91.0.0
Pointer = 0xD9FEEC00
State = UP
Flags = ENCR+ESP+NATT
SA = 0x013AEF0D
SPI = 0xDC14CB43
Group = 17
Pkts = 151292
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00037FAC
Peer IP = 10.91.64.0
Pointer = 0xD9F83900
State = UP
Flags = DECR+ESP+NATT
SA = 0x0130A1F9
SPI = 0xA9BC211E
Group = 6
Pkts = 83459
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x0002DCEC
Peer IP = 10.91.64.0
Pointer = 0xD9F84148
State = UP
Flags = ENCR+ESP+NATT
SA = 0x0132B6D1
SPI = 0xADFA2803
Group = 6
Pkts = 101794
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x00023994
Peer IP = 10.91.0.0
Pointer = 0xD9F92B88
State = UP
Flags = DECR+ESP+NATT
SA = 0x0128810D
SPI = 0xE311B8EA
Group = 4
Pkts = 7332
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 2
VPN Filter =
VPN CTX = 0x0001AD74
Peer IP = 10.91.0.0
Pointer = 0xD9F93F38
State = UP
Flags = ENCR+ESP+NATT
SA = 0x012ACA55
SPI = 0x8FAE7D5F
Group = 4
Pkts = 2924
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN CTX = 0x0001573C
Peer IP = 10.91.0.0
Pointer = 0xDA043608
State = UP
Flags = DECR+ESP+NATT
SA = 0x0124F85F
SPI = 0xE6EE99CF
Group = 18
Pkts = 47491
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 2
VPN Filter =
VPN CTX = 0x000098BC
Peer IP = 10.91.0.0
Pointer = 0xD9EC2358
State = UP
Flags = ENCR+ESP+NATT
SA = 0x0126943F
SPI = 0x31E9EE64
Group = 18
Pkts = 53048
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 1
Rekey Call = 1
VPN Filter =
VPN-ASA5505#
VPN-ASA5505# sh asp table vpn-context detail | begin
ERROR: % Incomplete command
VPN-ASA5505#
VPN-ASA5505# sh crypto ipsec sa peer 14.140.197.218
peer address: 14.140.197.218
Crypto map tag: outside_map, seq num: 9, local addr: 208.4.152.36
access-list outside_9_cryptomap extended permit ip 10.162.0.0 255.255.0.0 10.91.164.0 255.255.255.0
local ident (addr/mask/prot/port): (10.162.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (10.91.164.0/255.255.255.0/0/0)
current_peer: 14.140.197.218
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 208.4.152.36, remote crypto endpt.: 14.140.197.218
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: FA97197C
current inbound spi : ADB2D6B7
inbound esp sas:
spi: 0xADB2D6B7 (2914178743)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 49152, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4374000/27864)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
outbound esp sas:
spi: 0xFA97197C (4204206460)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 49152, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4374000/27864)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: outside_map, seq num: 9, local addr: 208.4.152.36
access-list outside_9_cryptomap extended permit ip 10.162.0.0 255.255.0.0 10.91.164.0 255.255.255.0
local ident (addr/mask/prot/port): (10.162.110.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.91.164.0/255.255.255.0/0/0)
current_peer: 14.140.197.218
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 2231, #pkts decrypt: 2231, #pkts verify: 2231
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 208.4.152.36, remote crypto endpt.: 14.140.197.218
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: FE35483C
current inbound spi : 1280DD3B
inbound esp sas:
spi: 0x1280DD3B (310435131)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 49152, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4373869/16513)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xFE35483C (4264904764)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 49152, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4374000/16512)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
VPN-ASA5505#
VPN-ASA5505#
VPN-ASA5505# sh crypto ipsec sa peer 14.140.197.218
peer address: 14.140.197.218
Crypto map tag: outside_map, seq num: 9, local addr: 208.4.152.36
access-list outside_9_cryptomap extended permit ip 10.162.0.0 255.255.0.0 10.91.164.0 255.255.255.0
local ident (addr/mask/prot/port): (10.162.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (10.91.164.0/255.255.255.0/0/0)
current_peer: 14.140.197.218
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 208.4.152.36, remote crypto endpt.: 14.140.197.218
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: FA97197C
current inbound spi : ADB2D6B7
inbound esp sas:
spi: 0xADB2D6B7 (2914178743)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 49152, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4374000/27202)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
outbound esp sas:
spi: 0xFA97197C (4204206460)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 49152, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4374000/27202)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: outside_map, seq num: 9, local addr: 208.4.152.36
access-list outside_9_cryptomap extended permit ip 10.162.0.0 255.255.0.0 10.91.164.0 255.255.255.0
local ident (addr/mask/prot/port): (10.162.110.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.91.164.0/255.255.255.0/0/0)
current_peer: 14.140.197.218
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 2351, #pkts decrypt: 2351, #pkts verify: 2351
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 208.4.152.36, remote crypto endpt.: 14.140.197.218
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: FE35483C
current inbound spi : 1280DD3B
inbound esp sas:
spi: 0x1280DD3B (310435131)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 49152, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4373862/15851)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xFE35483C (4264904764)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 49152, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4374000/15851)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
VPN-ASA5505#
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2013 08:02 AM
object-group network VPN_B_to_A
network-object 10.91.163.0 255.255.255.0
network-object 10.91.164.0 255.255.255.0
network-object 10.91.165.0 255.255.255.0
object-group network VPN_A_to_B
network-object 10.160.0.0 255.255.0.0
network-object 10.161.0.0 255.255.0.0
network-object 10.162.0.0 255.255.0.0
network-object 10.162.110.0 255.255.255.0
network-object 172.16.55.0 255.255.255.0
access-list outside_access_in remark VPN TUNNEL from B
access-list outside_access_in extended permit ip object-group VPN_B_to_A object-group VPN_A_to_B
access-list inside_access_in remark VPN TUNNEL to B
access-list inside_access_in extended permit ip object-group VPN_A_to_B object-group VPN_B_to_A
access-list NONAT remark Exemption for B VPN Tunnel
access-list NONAT extended permit ip object-group VPN_A_to_B object-group VPN_B_to_A
access-list NONAT extended permit ip object-group VPN_B_to_A object-group VPN_A_to_B
access-list outside_9_cryptomap extended permit ip object-group VPN_A_to_B object-group VPN_B_to_A
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
crypto map outside_map 9 match address outside_9_cryptomap
crypto map outside_map 9 set peer
crypto map outside_map 9 set transform-set ESP-3DES-SHA ESP-DES-MD5
tunnel-group
tunnel-group
pre-shared-key *****
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2013 08:20 AM
Hello Sal,
You did not provide either the version or the fact that you have rebooted the ASA?
Can you let me know.
For me is the bug that I am refering as the config is good.
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2013 08:27 AM
The firewall was rebooted last night.
VPN-ASA5505# sh ver
Cisco Adaptive Security Appliance Software Version 8.2(2)
Device Manager Version 6.2(1)
Compiled on Mon 11-Jan-10 14:19 by builders
System image file is "disk0:/asa822-k8.bin"
Config file at boot was "startup-config"
It is one of the affected versions.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2013 08:34 AM
Hello Sal,
Can you send me the configuration so I can take a look at it privately?
Did it work after the reboot?
Share the show crypto ipsec sa again please
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2013 08:40 AM
1) Where?
2) No
3) Will do.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2013 08:47 AM
Here on a private message or to julio17carvajal@hotmail.com
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2013 09:09 AM
Information's sent. Thanks for all your help!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2013 11:00 AM
Hello,
Sure, as soon as I have time I will check it bud
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
