show crypto isakmp sa - src/dst explanation
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||||||||
|
Posted by Piotr on September 10, 2008, 3:42 am
Please log in for more thread options I'm setting a vpn lab and there is one thing I don't really understand from show crypt isakmp sa output. The HQ router (10.0.0.1) is terminating all vpn connections. However I need a clarification about dst and src columns in the following output. Why 10.0.0.1 is either in dst or src column? What does it mean? HQ#show crypto isakmp sa dst src state conn-id slot status 10.0.0.1 192.168.1.1 QM_IDLE 945 0 ACTIVE 10.0.0.1 192.168.2.1 QM_IDLE 1443 0 ACTIVE 192.168.3.1 10.0.0.1 QM_IDLE 701 0 ACTIVE 10.0.0.1 192.168.4.1 QM_IDLE 1435 0 ACTIVE | |||||||||||||
|
Posted by marco74 on September 10, 2008, 10:25 am
Please log in for more thread options > 10.0.0.1 192.168.1.1 =A0 =A0QM_IDLE =A0 =A0 =A0 =A0 =A0 =A0945 =A0 =A00 A=
CTIVE
> 10.0.0.1 192.168.2.1 =A0QM_IDLE =A0 =A0 =A0 =A0 =A0 1443 =A0 =A00 ACTIVE
IVE
> 192.168.3.1 10.0.0.1 QM_IDLE =A0 =A0 =A0 =A0 =A0 =A0701 =A0 =A00 ACTIVE > 10.0.0.1 192.168.4.1 =A0 =A0QM_IDLE =A0 =A0 =A0 =A0 =A0 1435 =A0 =A00 ACT= It depends on the devices who started the VPN session; sometimes 10.0.0.1 sent the first initialization packet, sometimes it didn't. | |||||||||||||
|
Posted by Piotr on September 11, 2008, 1:36 am
Please log in for more thread options
marco74 wrote: >> I'm setting a vpn lab and there is one thing I don't really understand
>> from show crypt isakmp sa output. >> >> The HQ router (10.0.0.1) is terminating all vpn connections. However I >> need a clarification about dst and src columns in the following output. >> >> Why 10.0.0.1 is either in dst or src column? What does it mean? >> >> HQ#show crypto isakmp sa >> dst src state conn-id slot status >> 10.0.0.1 192.168.1.1 QM_IDLE 945 0 ACTIVE >> 10.0.0.1 192.168.2.1 QM_IDLE 1443 0 ACTIVE >> 192.168.3.1 10.0.0.1 QM_IDLE 701 0 ACTIVE >> 10.0.0.1 192.168.4.1 QM_IDLE 1435 0 ACTIVE >
> It depends on the devices who started the VPN session; sometimes > 10.0.0.1 sent the first initialization packet, sometimes it didn't. Just like I suspected. Thanks! | |||||||||||||
| Similar Threads | Posted |
| show crypto isakmp sa - src/dst explanation | September 10, 2008, 3:42 am |
| 3640 Router, no crypto isakmp enable | February 15, 2005, 1:30 pm |
| Show Crypto Map | July 2, 2006, 4:47 am |
| show eigrp accros crypto map, no updates | September 13, 2005, 12:07 pm |
| show calendar show clock | September 17, 2006, 10:39 pm |
| PIX ISAKMP: invalid udp len | July 12, 2005, 9:28 pm |
| resetting just one isakmp | October 31, 2005, 11:05 am |
| ISAKMP Profiles | July 20, 2006, 5:09 pm |
| isakmp key lenght | July 2, 2005, 2:49 pm |
| VPN client ISAKMP. | July 8, 2005, 2:07 pm |
| ISAKMP nat-traversal ? | November 28, 2005, 5:54 am |
| have PIX with VPN, need to obtain isakmp key | June 17, 2008, 3:13 pm |
| Quick question on isakmp (PIX) | July 22, 2005, 2:39 pm |
| Support for ISAKMP/IKE over IPv6 | January 12, 2006, 9:49 am |
| ISAKMP duplicate packets | August 28, 2007, 4:15 am |
> from show crypt isakmp sa output.
>
> The HQ router (10.0.0.1) is terminating all vpn connections. However I
> need a clarification about dst and src columns in the following output.
>
> Why 10.0.0.1 is either in dst or src column? What does it mean?
>
> HQ#show crypto isakmp sa
> dst =A0 =A0 =A0 =A0 =A0 =A0 src =A0 =A0 =A0 =A0 =A0 =A0 state =A0 =A0 =A0=