Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
606
Views
0
Helpful
3
Replies

show crypto isakmp sa

aessome
Level 1
Level 1

‎06-06-2003 05:33 AM - edited ‎03-09-2019 03:34 AM

Hello Guy,

i get a small prob.: on my Cisco 2600 Router Branch Office connect via VPN 3des to PIX 535. all thinks works fine but i cann see the Q-idle of this command: "sh cryp isa sa"

any reason why ?

thanks for yor suggession

BBZ#sh cry isa sa

dst src state conn-id slot

BBZ-FRANKFURT#

AF

Labels:
0 Helpful
3 Replies 3

mnaveen
Level 1
Level 1

‎06-06-2003 05:58 AM

Hi,

There is nothing to worry about. The QM_IDLE state simply says that your ISAKMP SA is up. The IPSec may or may not be established. The QM_IDLE is the last state in Phase-1 negotiations and states that an ISAKMP SA is created.

Cheers :-))

Naveen

mnaveen@cisco.com

0 Helpful

MMostert
Level 1
Level 1
In response to mnaveen

‎10-27-2003 05:51 AM

Hello,

We are seeing the same and still doubt why sometimes the QM_IDLE status is not reported when typing the "show crypto isa sa" command. Potential IOS bug ? Anyone has got a clue ?

Thanks, Martijn

0 Helpful

d-garnett
Level 3
Level 3
In response to MMostert

‎10-27-2003 07:57 AM

use the

'show crypto engine connections active' command

0 Helpful
Customers Also Viewed These Support Documents