Hi All,
I just checked my isakmp SA's and I'm getting something I find strange. It shows the following:
PIX# show cry isakmp sa Total : 1 Embryonic : 0 dst src state pending created xxx.xxx.xxx.24 xxx.xxx.xxx.150 QM_IDLE 0 1
But here's what I'm wondering, it shows this on the router I'm trying to connect to:
2621#show cry isakmp sa dst src state conn-id slot xxx.xxx.xxx.24 xxx.xxx.xxx.150 QM_IDLE 1 0I would think that both the PIX and the Router should mirror each other, with one being the source and the other the destination? Is there a way to track 'interesting information' marked by the ACL I have for VPN? Aren't the source and destination supposed to be reversed when viewing with this command?
BTW... I've also used show cry ipsec sa, which DOES show the local and remote addresses in the right places. I'm really confused on why this PIX and Router don't seem to send anything to each other. I've used the commands for matching internal IPs to Ips on the remote site, and have mirrored them.
I'm wondering if something's incompatible with the versions of the PIX and the Router. The PIX is 6.3(3) and the Router is 12.2(15).
Thanks,
Cos