I configured static ipsec with preshared key,transform set and applied crypto isakmp policy. I see crypto ipsec sa active as follows
C1841D#sh crypto ipsec sa
interface: Serial0/1/0.300
Crypto map tag: STATICTEST, local addr 172.16.1.1
protected vrf: (none)
local ident (addr/mask/prot/port): (172.16.200.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (172.16.216.0/255.255.255.0/0/0)
current_peer 172.16.1.49 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
#pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 172.16.1.1, remote crypto endpt.: 172.16.1.49
path mtu 1500, ip mtu 1500, ip mtu idb Serial0/1/0.300
current outbound spi: 0x73D9E56C(1943659884)
inbound esp sas:
spi: 0x1F8F39BA(529480122)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2155, flow_id: FPGA:155, crypto map: STATICTEST
sa timing: remaining key lifetime (k/sec): (4575959/3151)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x73D9E56C(1943659884)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2156, flow_id: FPGA:156, crypto map: STATICTEST
sa timing: remaining key lifetime (k/sec): (4575959/3150)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
C1841D#
but when I cannont see any sa with the output of C1841D#sh crypto ipsec sa active
No SAs found
how is that possible?