Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN SAs states

Hi,

I'm on PIX 515E IOS 7.1.2 (but same thing on 7.0.5).

when I look on my PIX state of SAs (sh isa sa d), I get severals lines with :

IKE Peer:xxx.xxx.xxx.xxx

Type:user Role:responder

Rekey:no State:MM_WAIT_MSG3

Encrypt:3des Hash:MD5

Auth:rsa Lifetime:10800

Lifetime Remaining:2147470762

whereas all these SAs works well !! but what's that "type:user" and why "State:MM_WAIT_MSG3" and "Lifetime Remaining:2147470762" whereas I have "Lifetime:10800" ???

thanks

Niko

3 REPLIES
Community Member

Re: VPN SAs states

... I forgot to say that all other SAs are ok :

IKE Peer: yyy.yyy.yyy.yyy

Type : L2L Role : responder

Rekey : no State : MM_ACTIVE

Encrypt : 3des Hash : MD5

Auth : rsa Lifetime: 28800

Lifetime Remaining: 15473

Niko

Community Member

Re: VPN SAs states

Hi,

The life time can either be in the number of packets remaining to be sent or in time . The first to expire takes place.

Community Member

Re: VPN SAs states

Hi,

sorry in my case it's not that because LifeTime remaining does not change....

and what's "type: user" ??? whereas I want L2L !

thanks

Niko

250
Views
0
Helpful
3
Replies
CreatePlease to create content