I have two PIX 506e's configured with a point-to-point VPN, which had been working for some time, but is no longer working. Is there any way to check the status of the connection using PDM or the command line?
How do I "restart" a VPN connection?
TIA
Sorry: Let me add a bit of information, drawn from the monitoring section of PDM on Pix "aaa"
IKE SAs sourceIP DestIP State xxx.xxx.xxx.aaa xxx.xxx.xxx.bbb QM_IDLE
IPSec Details for xxx.xxx.xxx.aaa/255.255.255.0/0/0
192.168.0.0/255.255.255.0/0/0 at Fri Mar 30 12:25:07 EST 2007local ident (addr/mask/prot/port): (xxx.xxx.xxx.aaa/255.255.255.0/0/0) remote ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0) current_peer: xxx.xxx.xxx.bbb:0 PERMIT, flags={origin_is_acl,} #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0 #pkts no sa (send) 13, #pkts invalid sa (rcv) 0 #pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0 #pkts invalid prot (recv) 0, #pkts verify failed: 0 #pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0 #pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0 ##pkts replay failed (rcv): 0 #pkts internal err (send): 0, #pkts internal err (recv) 0 local crypto endpt.: xxx.xxx.xxx.aaa, remote crypto endpt.: xxx.xxx.xxx.bbb path mtu 1500, ipsec overhead 0, media mtu 1500 current outbound spi: 0 inbound esp sas: inbound ah sas: inbound pcp sas: outbound esp sas: outbound ah sas: outbound pcp sas:
sh crypto ipsec sa debug crypto isakmp (term mon)
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.