Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

IPSec Tunnel Issue

I have setup IPSec Tunnel between two peers.  Below is a result of ip cry sa:

interface: outside
    Crypto map tag: outside_map, local addr.

   local  ident (addr/mask/prot/port): (FW_SEGMENT/
   remote ident (addr/mask/prot/port): (EDS_FW_SEGMENT/
   current_peer: EDSFW:500
   dynamic allocated peer ip:

     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 446, #pkts encrypt: 446, #pkts digest 446
    #pkts decaps: 377, #pkts decrypt: 377, #pkts verify 377
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
    #send errors 34531, #recv errors 0

     local crypto endpt.:, remote crypto endpt.: EDSFW
     path mtu 1500, ipsec overhead 56, media mtu 1500
     current outbound spi: 0

     inbound esp sas:

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

     outbound ah sas:

     outbound pcp sas:

On the other peer there is something below in inbound esp sas and outbound but obviously on this peer there is not.  I am unable to ping from one peer to the other and the packet count has not increase once i run the command again.  Any ideas?

Cisco Employee

Re: IPSec Tunnel Issue

Phase 2 IPsec is not up.

The counters for encaps decaps are historic.

There are a lot of possibilities why this can happen. Debug cry isa and debug crypto ipsec will tell you more.

CreatePlease to create content