Cisco Support Community

New Member

When show crypto isakmp sa ?

Dear All,

I would like to ask about the ASA 5510: when I run show crypto isakmp sa, I see responder and initiator. What is the difference and what do they mean? And next time I want to know about an issue like this, which website can I go to?

1   IKE Peer: 10.10.10.1
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
2   IKE Peer: 10.10.10.2
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
3   IKE Peer: 10.10.10.3
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
4   IKE Peer: 10.10.10.3
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
5   IKE Peer: 10.10.10.3
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
6   IKE Peer: 10.10.10.4
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE

Note: both the responder and initiator VPNs are working.

Best Regards,

Join

1 REPLY
Cisco Employee

Re: When show crypto isakmp sa ?

Hello,

I hope the below information helps.

In IPSec LAN-to-LAN connections, the security appliance can function as initiator or responder. In IPSec remote access connections, the security appliance functions only as responder. Initiators propose SAs; responders accept, reject, or make counter-proposals, all in accordance with configured security association (SA) parameters. To establish a connection, both entities must agree on the SAs.

In IPSec terminology, a peer is a remote-access client or another secure gateway.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ike.html

Regards,

Arul

** Please rate all helpful posts **
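
An added example, not part of the original posts and not Cisco code: a small Python parser for the `show crypto isakmp sa` output pasted in the question. It counts initiator and responder SAs per peer (10.10.10.3 holds three) and lists any SA whose state differs from the MM_ACTIVE shown for every entry in the question. The function names are hypothetical.

```python
import re
from collections import Counter, defaultdict
# Output copied from the question above (column spacing normalised).
SAMPLE = """\
1   IKE Peer: 10.10.10.1
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
2   IKE Peer: 10.10.10.2
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
3   IKE Peer: 10.10.10.3
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
4   IKE Peer: 10.10.10.3
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
5   IKE Peer: 10.10.10.3
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
6   IKE Peer: 10.10.10.4
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
"""
PEER = re.compile(r"^\s*(\d+)\s+IKE Peer:\s*(\S+)")
FIELD = re.compile(r"(Type|Role|Rekey|State)\s*:\s*(\S+)")

def parse_isakmp_sa(text):
    """Return one dict per SA entry: index, peer, type, role, rekey, state."""
    entries = []
    for line in text.splitlines():
        m = PEER.match(line)
        if m:  # "<n> IKE Peer: <address>" starts a new entry
            entries.append({"index": int(m.group(1)), "peer": m.group(2)})
        elif entries:  # "Key : value" pairs belong to the most recent entry
            entries[-1].update((k.lower(), v) for k, v in FIELD.findall(line))
    return entries

def roles_by_peer(entries):
    """Map each peer address to a count of SAs per role on this appliance."""
    roles = defaultdict(Counter)
    for e in entries:
        roles[e["peer"]][e["role"]] += 1
    return {peer: dict(count) for peer, count in roles.items()}

def not_established(entries):
    """Indexes of SAs whose state is anything other than MM_ACTIVE."""
    return [e["index"] for e in entries if e["state"] != "MM_ACTIVE"]

if __name__ == "__main__":
    print(roles_by_peer(parse_isakmp_sa(SAMPLE)))
```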
