ISAKMP

Discussion in 'Cisco' started by Rik Bain, Oct 22, 2003.

  1. Rik Bain

    Rik Bain Guest

    On Wed, 22 Oct 2003 20:29:25 +0600, fabio luzi wrote:

    > Anyone can help me ?
    > My problem is this :
    > When I type the command
    > sh crypto isakmp sa , on a Cisco with IOS Firewall . the output don' t
    > show me all the vpn that in that moment is on . I don't understand why ,
    > Is this a bug ?
    >
    > I need of this because many of the crypto map on this router are old and
    > I shall to delete the old and not rechability peer .
    >
    >
    > Thanks ... bye


    It will show active isamkp sa's. Depending on how you have your
    lifetimes configured, or whether you cleared the isakmp sa's, you may not
    see an active isakmp sa for all you IPSEC peers. No worries though,
    they will renegotiate when needed.

    For example, if you have active tunnels, and do "clear cry isa sa", the
    tunnels wont drop, but the isakmp sa's will be cleared.


    Rik Bain
     
    Rik Bain, Oct 22, 2003
    #1
    1. Advertising

  2. Rik Bain

    fabio luzi Guest

    Anyone can help me ?
    My problem is this :
    When I type the command
    sh crypto isakmp sa , on a Cisco with IOS Firewall .
    the output don' t show me all the vpn that in that moment is on .
    I don't understand why ,
    Is this a bug ?

    I need of this because many of the crypto map on this router are old
    and I shall to delete the old and not rechability peer .


    Thanks ... bye
     
    fabio luzi, Oct 22, 2003
    #2
    1. Advertising

  3. In article <>,
    fabio luzi <> wrote:
    :My problem is this :
    :When I type the command
    :sh crypto isakmp sa , on a Cisco with IOS Firewall .
    :the output don' t show me all the vpn that in that moment is on .
    :I don't understand why ,
    :Is this a bug ?

    :I need of this because many of the crypto map on this router are old
    :and I shall to delete the old and not rechability peer .

    I'm not as familiar with IPSec under IOS, but on the PIX,
    show crypto isakmp sa only shows -current- IKE associations.
    As you are trying to find unreachable peers, those peers are not
    going to have current IKE associations so they aren't going to
    be listed.

    Perhaps show crypto ipsec sa would be more useful to you?
    --
    Rump-Titty-Titty-Tum-TAH-Tee -- Fritz Lieber
     
    Walter Roberson, Oct 22, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bob Smith
    Replies:
    3
    Views:
    3,898
    Masud Reza
    Jan 15, 2004
  2. a segal
    Replies:
    0
    Views:
    712
    a segal
    Jan 21, 2004
  3. Michael Gross

    Display real "isakmp key" on PIX 6.3

    Michael Gross, May 10, 2004, in forum: Cisco
    Replies:
    3
    Views:
    6,804
    Henrik Christensen
    May 24, 2004
  4. jt
    Replies:
    1
    Views:
    1,529
  5. Tim Schultz

    ISAKMP key for dynamic VPN Client

    Tim Schultz, May 19, 2004, in forum: Cisco
    Replies:
    6
    Views:
    2,935
    Tim Schultz
    May 19, 2004
Loading...

Share This Page