Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

show crypto isakmp sa

Hello all!

I have a problem on a crypto ipsec tunnel between 2 PIX devices.

For some time I observed that absolutely randomly the connection (ping to the peer network) is not working for about 30 seconds.

I checked the load, traffic and so on, and nothing strange until now.

But at "show crypto isakmp sa" under the created field the number is incresing:

pix-central#show crypto isakmp sa

Total : 2

Embryonic : 0

dst src state pending created

xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy QM_IDLE 0 354

What is this field "created" and what are the numbers indicate?

Thank you!

Best regards,

Calin

2 REPLIES
New Member

Re: show crypto isakmp sa

Hello,

I belive created filed means the number of created IKE SAs at the peer. QM_IDLE indiactes that the tunnel PhaseI is fine. Did you try ipsec/isakmp debug?

Thanks.

Re: show crypto isakmp sa

Hello and thanks for your answer.

I did not tried the debug yet, because there are a lot of warning about huge resources used by debug.This PIX is remote, and under high usage, so it is a little tricky to use debug.First I will try to find some explanation about this "created" field increasing number.Since it is only one tunnel and all the traffic is put on this tunnle created IKE SAa should be a low number, and not increase by every 5, 20, 50 min (this is randomly).

242
Views
0
Helpful
2
Replies