VPN problems, PIX and Router

Discussion in 'Cisco' started by cosmicspin@yahoo.com, Sep 2, 2005.

  1. Guest

    Hi All,

    I just checked my isakmp SA's and I'm getting something I find strange.
    It shows the following:


    PIX# show cry isakmp sa
    Total : 1
    Embryonic : 0
    dst src state pending created
    xxx.xxx.xxx.24 xxx.xxx.xxx.150 QM_IDLE 0 1

    But here's what I'm wondering, it shows this on the router I'm trying
    to connect to:

    2621#show cry isakmp sa
    dst src state conn-id slot
    xxx.xxx.xxx.24 xxx.xxx.xxx.150 QM_IDLE 1 0

    I would think that both the PIX and the Router should mirror each
    other, with one being the source and the other the destination? Is
    there a way to track 'interesting information' marked by the ACL I have
    for VPN? Aren't the source and destination supposed to be reversed
    when viewing with this command?

    BTW... I've also used show cry ipsec sa, which DOES show the local and
    remote addresses in the right places. I'm really confused on why this
    PIX and Router don't seem to send anything to each other. I've used
    the commands for matching internal IPs to Ips on the remote site, and
    have mirrored them.

    I'm wondering if something's incompatible with the versions of the PIX
    and the Router. The PIX is 6.3(3) and the Router is 12.2(15).

    Thanks,

    Cos
    , Sep 2, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. GVB
    Replies:
    1
    Views:
    2,762
    Martin Bilgrav
    Feb 6, 2004
  2. Tom
    Replies:
    4
    Views:
    653
  3. Kai
    Replies:
    0
    Views:
    7,605
  4. Al
    Replies:
    0
    Views:
    5,195
  5. Svenn
    Replies:
    3
    Views:
    708
    Svenn
    Mar 13, 2006
Loading...

Share This Page