Tunnels up, no esp sas

Discussion in 'Cisco' started by ssrjazz@gmail.com, Nov 11, 2005.

  1. Guest

    Pix 515e and 501. v6

    Already have multiple tunnels between the 515 and other 501s. Seems
    like every time I add a new one it gives me trouble.

    Last one I added, isakmp phases complete fine, ipsec appears to go ok,
    tunnel comes up, but no outbound or inbound esp sa's are shown.

    What are some typical causes for that? I'm not sure -where- in the
    config to start looking and need some suggestions.

    Thanks.
     
    , Nov 11, 2005
    #1
    1. Advertising

  2. rave Guest

    HI,

    The problem is that if you make any changes in the crypto config, you
    have to clear the ipsec sa's for the new settings to create an ipsec
    sa.
    so each time you add a new crypto peer just remove the crypto map from
    teh outside interface and then reapply or you can use the command clear
    ipsec sa to clear the sa's so that new settings take effect.
    Mind you any of the steps you do will teardown the existing phase 2
    sa's.

    Regards,
    Rave
     
    rave, Nov 12, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Michael

    fixup protocol esp-ike

    Michael, Nov 28, 2003, in forum: Cisco
    Replies:
    1
    Views:
    6,006
    Walter Roberson
    Nov 29, 2003
  2. Sean McGrath
    Replies:
    0
    Views:
    1,990
    Sean McGrath
    Dec 29, 2003
  3. Kamil Olszewski

    Support ESP Header in IPv6

    Kamil Olszewski, Apr 9, 2005, in forum: Cisco
    Replies:
    1
    Views:
    448
    BradReeseCom
    Apr 9, 2005
  4. ljorg
    Replies:
    0
    Views:
    515
    ljorg
    Nov 22, 2006
  5. philbo30
    Replies:
    1
    Views:
    683
    Walter Roberson
    Apr 12, 2007
Loading...

Share This Page