ISAKMP

 
 
Rik Bain
      10-22-2003
On Wed, 22 Oct 2003 20:29:25 +0600, fabio luzi wrote:

> Can anyone help me?
> My problem is this:
> When I type the command
> sh crypto isakmp sa, on a Cisco with IOS Firewall, the output doesn't
> show me all the VPNs that are up at that moment. I don't understand why.
> Is this a bug?
>
> I need this because many of the crypto maps on this router are old and
> I have to delete the old and unreachable peers.
>
>
> Thanks ... bye


It will show active isakmp sa's. Depending on how you have your
lifetimes configured, or whether you cleared the isakmp sa's, you may not
see an active isakmp sa for all your IPSEC peers. No worries though,
they will renegotiate when needed.

For example, if you have active tunnels, and do "clear cry isa sa", the
tunnels won't drop, but the isakmp sa's will be cleared.


Rik Bain
 
 
 
 
 
fabio luzi
 
      10-22-2003
Can anyone help me?
My problem is this:
When I type the command
sh crypto isakmp sa, on a Cisco with IOS Firewall,
the output doesn't show me all the VPNs that are up at that moment.
I don't understand why.
Is this a bug?

I need this because many of the crypto maps on this router are old
and I have to delete the old and unreachable peers.


Thanks ... bye
 
 
 
 
 
Walter Roberson
 
      10-22-2003
In article <(E-Mail Removed)> ,
fabio luzi <(E-Mail Removed)> wrote:
:My problem is this:
:When I type the command
:sh crypto isakmp sa, on a Cisco with IOS Firewall,
:the output doesn't show me all the VPNs that are up at that moment.
:I don't understand why.
:Is this a bug?

:I need this because many of the crypto maps on this router are old
:and I have to delete the old and unreachable peers.

I'm not as familiar with IPSec under IOS, but on the PIX,
show crypto isakmp sa only shows -current- IKE associations.
As you are trying to find unreachable peers, those peers are not
going to have current IKE associations so they aren't going to
be listed.

Perhaps show crypto ipsec sa would be more useful to you?
--
Rump-Titty-Titty-Tum-TAH-Tee -- Fritz Lieber
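
An added example, not written by any poster in this thread: one way to cross-check the peers configured in crypto maps against both `show crypto isakmp sa` and `show crypto ipsec sa`, so that a peer with IPsec SAs but no ISAKMP SA is not mistaken for a dead one. The sample texts are constructed and only modelled on typical IOS output (an assumption; layout varies by release), and the function names are hypothetical.

```python
import re
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Constructed samples modelled on typical IOS output (assumption); documentation addresses.
CONFIG = """crypto map VPNMAP 10 ipsec-isakmp
 set peer 192.0.2.10
crypto map VPNMAP 20 ipsec-isakmp
 set peer 192.0.2.20
crypto map VPNMAP 30 ipsec-isakmp
 set peer 192.0.2.30
"""
ISAKMP_SA = """dst             src             state          conn-id slot
192.0.2.10      198.51.100.1    QM_IDLE              1    0
"""
IPSEC_SA = """   current_peer: 192.0.2.10
     inbound esp sas:
      spi: 0x3D6D1C1(64410049)
   current_peer: 192.0.2.20
     inbound esp sas:
      spi: 0x1A2B3C4D(439041101)
   current_peer: 192.0.2.30
     inbound esp sas:
"""

def configured_peers(config):
    """Return [(crypto map entry, peer)] from 'crypto map' / 'set peer' lines."""
    out, entry = [], None
    for line in config.splitlines():
        if m := re.match(r"crypto map (\S+ \d+)\b", line):
            entry = m.group(1)
        elif entry and (m := re.match(rf"\s+set peer {IP}", line)):
            out.append((entry, m.group(1)))
    return out

def ipsec_peers(text):
    """Peers whose 'show crypto ipsec sa' block lists at least one SPI."""
    active, peer = set(), None
    for line in text.splitlines():
        if m := re.search(rf"current_peer:?\s+{IP}", line):
            peer = m.group(1)
        elif peer and "spi: 0x" in line:
            active.add(peer)
    return active

def classify(config, isakmp_text, ipsec_text):
    """Map (entry, peer) -> (has IKE SA, has IPsec SA); (False, False) = stale candidate."""
    ike = set(re.findall(IP, isakmp_text))  # every address in the dst/src columns
    ipsec = ipsec_peers(ipsec_text)
    return {(e, p): (p in ike, p in ipsec) for e, p in configured_peers(config)}

print(classify(CONFIG, ISAKMP_SA, IPSEC_SA))
```

Only the entry reported as `(False, False)` is a candidate for review; `(False, True)` is the case described above where the ISAKMP SA has expired or been cleared while the tunnel stays up.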
 