Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IPSec Tunnel Issue

I have setup IPSec Tunnel between two peers.  Below is a result of ip cry sa:

interface: outside
    Crypto map tag: outside_map, local addr. 192.200.222.16

   local  ident (addr/mask/prot/port): (FW_SEGMENT/255.255.240.0/0/0)
   remote ident (addr/mask/prot/port): (EDS_FW_SEGMENT/255.255.255.0/0/0)
   current_peer: EDSFW:500
   dynamic allocated peer ip: 0.0.0.0

     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 446, #pkts encrypt: 446, #pkts digest 446
    #pkts decaps: 377, #pkts decrypt: 377, #pkts verify 377
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
    #send errors 34531, #recv errors 0

     local crypto endpt.: 192.200.222.16, remote crypto endpt.: EDSFW
     path mtu 1500, ipsec overhead 56, media mtu 1500
     current outbound spi: 0

     inbound esp sas:


     inbound ah sas:


     inbound pcp sas:


     outbound esp sas:


     outbound ah sas:


     outbound pcp sas:

On the other peer there is something below in inbound esp sas and outbound but obviously on this peer there is not.  I am unable to ping from one peer to the other and the packet count has not increase once i run the command again.  Any ideas?

1 REPLY
Cisco Employee

Re: IPSec Tunnel Issue

Phase 2 IPsec is not up.

The counters for encaps decaps are historic.

There are a lot of possibilities why this can happen. Debug cry isa and debug crypto ipsec will tell you more.

154
Views
0
Helpful
1
Replies
CreatePlease to create content