I just created a map between to routers, i added crypto ipsec transform-set crypto isakmp key and last added the crypto map
when i do show crypto map session, nothing shows
do i have to clear the sa and iskmp?
will everyone get disconnect?
thanks.
I think you can try SDM interface of the routers. This web interface eases the VPN setup. Then you can run the "debug crypto isakmp" to check what's going on.
If SDM is already setup on your routers, then you can access it by http://router-ip or https://router-ip
DT
SDM info :
In article , wrote: :I just created a map between to routers, i added :crypto ipsec transform-set :crypto isakmp key :and last added the crypto map
:when i do show crypto map session, nothing shows
:do i have to clear the sa and iskmp?
:will everyone get disconnect?
You aren't giving us much to go on. Is this a second (or additional) crypto map? On the same interface? Or is it the first crypto map?
I don't know how it works in IOS, but in Cisco PIX when you change the ACL that defines a crypto map policy, or when you add new crypto map policies, then it is necessary to clear the ipsec SA's in order to be -sure- that the new entries will take effect. If you do not do the clear, then on the PIX sometimes the changes will take effect and sometimes they won't, and sometimes they will give every indication as if they had taken effect but they don't actually pass traffic.
If you clear the ipsec SA's, then all IPSec users will have their session disconnected... and promptly renegotiated the next time their end sends traffic through. I don't know what happens if the session had been given a dynamic VPN IP pool address... I've really only worked with site-to-site VPNs, and those resume after the clear as if nothing had happened.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.