Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Interpreting debug crypto isakmp

Is anyone aware of a link where one can reference what configuration line is missing from the firweall when running a "debug crypto isakmp 250"

Yesterday I lost all my tunnels, ran this debug and got the following:

Oct 18 17:09:02 [IKEv1]: IKE initiator: Local unit is failover enabled but is not currently active.

Oct 18 17:09:02 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 18 17:09:02 [IKEv1]: IKE initiator: Local unit is failover enabled but is not currently active.

Oct 18 17:09:02 [IKEv1]: IKE receiver: Local unit is failover enabled but is not currently active.

Oct 18 17:09:02 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 18 17:09:02 [IKEv1]: IKE initiator: Local unit is failover enabled but is not currently active.

Oct 18 17:09:03 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

I am looking to explain the above debug results as well as a link that will associate a debug output with what's missing in a config.

any idea?

1 REPLY
Cisco Employee

Re: Interpreting debug crypto isakmp

Hello Roni,

Looks like you are running into Bug ID CSCsk44832.

Please use the below URL to look up the bug id and the version that has the fix.

http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs

Also, link to the release notes for 7.2 code.

http://www.cisco.com/en/US/docs/security/asa/asa72/release/notes/asarn724.html

Regards,

Arul

** Please rate all helpful posts **

254
Views
0
Helpful
1
Replies