Cisco Support Community

New Member

no packets encrypted

I have configured an IPsec tunnel between a Cisco 2801 and a PIX 515.

Everything in the config is OK.

Each peer can ping the other.

But I cannot reach the remote private net from the PIX or from the router!!!

And when I type these commands:

'show crypto isakmp sa' I have:

dst src state pending created

and

'show crypto ipsec sa' I have:

interface: outside

Crypto map tag: abidjan, local addr. 213.136.105.11

local ident (addr/mask/prot/port): (10.181.0.0/255.255.0.0/0/0)

remote ident (addr/mask/prot/port): (129.184.29.0/255.255.255.0/0/0)

current_peer: 213.136.106.195

PERMIT, flags={origin_is_acl,}

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0

#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0

#send errors 0, #recv errors 0

local crypto endpt.: 213.136.105.11, remote crypto endpt.: 213.136.106.195

path mtu 1500, ipsec overhead 0, media mtu 1500

current outbound spi: 0

inbound esp sas:

Please help!!!!

Regards

5 REPLIES
Gold

Re: no packets encrypted

That means your configs are not OK. Please post the configs.

New Member

Re: no packets encrypted

Hi,

I can see some packets encrypted now. I've done nothing else...

Nothing added to my config, and now each remote private network can ping the other!!!

Thanks!

Gold

Re: no packets encrypted

Does either of these two devices have an IPsec tunnel to other devices? If so, you will need to un-apply the crypto map and re-apply it.

New Member

Re: no packets encrypted

Thanks!

And how (with which command) can I do that?

Regards

Gold

Re: no packets encrypted

A VPN black hole may occur sometime in the future. If so, you may configure "invalid spi recovery" (available with the latest IOS), or you may manually clear the existing VPN with the commands below:

clear crypto isakmp

clear crypto sa

In case there is more than one VPN peer, you can use the "peer" keyword with the commands in order to erase the VPN with a particular peer only, not all.
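
Added example, not part of the thread or any poster's code: a small Python check that reads 'show crypto ipsec sa' output like that in the first post and classifies each SA entry from its outbound SPI and encaps/decaps counters. The status labels are hypothetical names, the second sample entry is constructed, and the SPI is assumed to be printed in hex with or without a 0x prefix.

```python
import re

# Entry 1: values from the first post. Entry 2: constructed, to show a one-way SA.
SAMPLE = """\
   local  ident (addr/mask/prot/port): (10.181.0.0/255.255.0.0/0/0)
   remote ident (addr/mask/prot/port): (129.184.29.0/255.255.255.0/0/0)
   current_peer: 213.136.106.195
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
     current outbound spi: 0
   local  ident (addr/mask/prot/port): (10.181.0.0/255.255.0.0/0/0)
   remote ident (addr/mask/prot/port): (198.51.100.0/255.255.255.0/0/0)
   current_peer: 192.0.2.10
    #pkts encaps: 120, #pkts encrypt: 120, #pkts digest 120
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
     current outbound spi: 3a1b2c4d
"""

FIELDS = {
    "local": re.compile(r"local\s+ident[^:]*:\s*\(([^)]+)\)"),
    "remote": re.compile(r"remote\s+ident[^:]*:\s*\(([^)]+)\)"),
    "peer": re.compile(r"current_peer:?\s*(\S+)"),
    "encaps": re.compile(r"#pkts encaps:\s*(\d+)"),
    "decaps": re.compile(r"#pkts decaps:\s*(\d+)"),
    "spi": re.compile(r"current outbound spi:\s*(?:0x)?([0-9A-Fa-f]+)"),
}

def parse_sas(text):
    """Return one dict per SA entry; a 'local ident' line starts a new entry."""
    sas = []
    for line in text.splitlines():
        for key, rx in FIELDS.items():
            m = rx.search(line)
            if m and key == "local":
                sas.append({})
            if m and sas:
                v = m.group(1)
                sas[-1][key] = int(v, 16) if key == "spi" else int(v) if key.endswith("caps") else v
    return sas

def diagnose(sa):
    enc, dec = sa.get("encaps", 0), sa.get("decaps", 0)
    if sa.get("spi", 0) == 0:
        return "NO_SA"      # no IPsec SA negotiated yet: nothing can be encrypted
    if enc == 0 and dec == 0:
        return "IDLE"       # SA exists but no matching traffic has used it
    if dec == 0:
        return "TX_ONLY"    # sending into the tunnel, nothing decrypted from the peer
    return "RX_ONLY" if enc == 0 else "OK"
```

The first post's output classifies as NO_SA (outbound SPI 0, no inbound ESP SAs listed). A TX_ONLY result is what one would expect on the sending side when the peer no longer holds the matching SA, the situation the last reply calls a VPN black hole.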
