RE: "show crypto isakmp sa" command on PIX

From: Chris Johnston (chris@routerguy.com)
Date: Sun Oct 12 2003 - 14:25:26 GMT-3


Basically that will tell you how many SAs have been "established".
When you build your SA, you probably have an access list that permits
several different subnets to be "protected" as you go across the VPN.

Say you are a vpngroup user. You VPN in. You hit a machine on the
192.168.10.0/24 net and you will see you get 1 created. Ping something
on the 192.168.20.0/24 net and it will increment to 2 created and so on.

==================================================================

Chris Johnston / Senior Systems Engineer <chris@routerguy.com>

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Sam Munzani
Sent: Friday, October 10, 2003 1:42 PM
To: ccielab@groupstudy.com
Cc: cciesecurity@yahoogroup.com
Subject: "show crypto isakmp sa" command on PIX

Hi,

What does the last column represent in the "show crypto isakmp sa" command of
PIX? Below is an output from my PIX with IP address changed.

PIX# sh crypto isakmp sa
Total     : 5
Embryonic : 0
        dst             src           state    pending  created
    12.67.55.23    12.207.183.209    QM_IDLE      0        1
    12.67.55.23    12.160.196.102    QM_IDLE      0        3
    12.67.55.23    65.23.110.6       QM_IDLE      0        2
    12.67.55.23    12.134.222.126    QM_IDLE      0        1

All 5 sites work great. However, one of my friends with a similar
configuration has the last field incrementing. His site is PIX to NetScreen
and works too.

I could not find any reference in the PIX documentation.

Thanks
Sam




This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:53:00 GMT-3