Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA Phase 1 question

My understanding is that when configuring phase 1 parameters on the ASA, that depending on how the peers are configured, the ASA will go down the list of isakmp policies until a match is found.

Also, that phase 1 and phase 2 do not have to match in their policy partameters.

Hopefully this is not too obvious, because I am missing it:

Where can I see which isakmp policy a particular l2l tunnel is using?

"sh cry isa sa" only shows the status.

If I have a list of ten policies, and I only have access to my end (outside party l2l), how can I determine which phase 1 policy a particular tunnel is using?

1 REPLY
New Member

Re: ASA Phase 1 question

Found it:

sh vpn-sessiondb detail l2l

128
Views
0
Helpful
1
Replies
CreatePlease login to create content