RE: I have a strange case

From: CCIE <ccie_at_axizo.com>
Date: Thu, 12 Nov 2009 10:49:25 +0200

Hi

MNE-ASA# sho crypto isakmp sa

   Active SA: 4
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 4

1 IKE Peer: 213.6.231.61
    Type : user Role : responder
    Rekey : no State : AM_ACTIVE
2 IKE Peer: 213.6.79.72
    Type : user Role : responder
    Rekey : no State : AM_ACTIVE
3 IKE Peer: 213.6.6.199
    Type : user Role : responder
    Rekey : no State : AM_ACTIVE
4 IKE Peer: 213.6.127.30
    Type : user Role : responder
    Rekey : no State : AM_TM_INIT_XAUTH_V6H

NE-ASA# sho crypto isakmp sa

   Active SA: 4
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 4

1 IKE Peer: 213.6.231.61
    Type : user Role : responder
    Rekey : no State : AM_ACTIVE
2 IKE Peer: 213.6.79.72
    Type : user Role : responder
    Rekey : no State : AM_ACTIVE
3 IKE Peer: 213.6.6.199
    Type : user Role : responder
    Rekey : no State : AM_ACTIVE
4 IKE Peer: 213.6.127.30
    Type : user Role : responder
    Rekey : no State : AM_WAIT_MSG3

The fourth router keeps switching between the above two statuses.

Regards,

Amin

From: Paul Cosgrove [mailto:paul.cosgrove.groupstudy_at_gmail.com]
Sent: Thursday, November 12, 2009 10:46 AM
To: CCIE
Cc: Joseph L. Brunner; ccielab_at_groupstudy.com
Subject: Re: I have a strange case

Hi Amin,

Is there traffic attempting to use each of the ipsec tunnels? What
commands are you using to verify the status of each tunnel?

Paul

On Thu, Nov 12, 2009 at 8:33 AM, CCIE <ccie_at_axizo.com> wrote:

There is a Cisco router 878, but the VPNs are terminated on the ASA not on
the router?

-----Original Message-----
From: Joseph L. Brunner [mailto:joe_at_affirmedsystems.com]
Sent: Thursday, November 12, 2009 10:30 AM
To: CCIE; ccielab_at_groupstudy.com
Subject: RE: I have a strange case

What is in front of the asa?

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of CCIE
Sent: Thursday, November 12, 2009 2:51 AM
To: ccielab_at_groupstudy.com
Subject: I have a strange case

Hi experts,

I have an ASA 5510 configured for remote access VPN. There are 5 remote VPN
clients (routers); it allows just three of them to connect to it. I can
verify that by doing clear crypto ipsec sa; each time I do this command I
discover that 3 different remote sites get connected.

And I can see that the ASA supports 250 VPN peers.

Any advice?

Regards,

Amin

Received on Thu Nov 12 2009 - 10:49:25 ART
