kskr_networks
asked on
Show Crypto IPSec sa
I have a question related to IPSec VPN from the Show Crypto IPSec sa output. I don't see any packets being decapsulated. Is that a common issue, or how do we understand this? Can someone explain? This is the output from my local firewall:
Crypto map tag: outside_map, seq num: 3, local addr: 10.10.10.10
access-list outside_cryptomap extended permit ip host 1.1.1.1 2.2.2.2 255.255.255.240
local ident (addr/mask/prot/port): (1.1.1.1/255.255.255.255/0 /0)
remote ident (addr/mask/prot/port): (2.2.2.2/255.255.255.240/0 /0)
current_peer: 20.20.20.20
#pkts encaps: 16697, #pkts encrypt: 16697, #pkts digest: 16697
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 16697, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 10.10.10.10/0, remote crypto endpt.: 20.20.20.20/0
path mtu 1500, ipsec overhead 74, media mtu 1500
current outbound spi: 4ACDB09D
current inbound spi : 26662405
inbound esp sas:
spi: 0x26662405 (644228101)
transform: esp-aes-256 esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 228347904, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4374000/12102)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000000 0x00000000 0x00000001
outbound esp sas:
spi: 0x4ACDB09D (1254994077)
transform: esp-aes-256 esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 228347904, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4372630/12102)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000000 0x00000000 0x00000001
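A small parser for this output format, added here as an example and not part of the original post: it reads the per-SA packet counters and labels each tunnel by the traffic direction they show. The function names and state labels are this example's own, and the sample text is constructed from the figures in the output above.

```python
import re

# Constructed sample, abridged from the 'show crypto ipsec sa' output posted above.
SAMPLE = """\
Crypto map tag: outside_map, seq num: 3, local addr: 10.10.10.10
current_peer: 20.20.20.20
#pkts encaps: 16697, #pkts encrypt: 16697, #pkts digest: 16697
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#send errors: 0, #recv errors: 0
current outbound spi: 4ACDB09D
current inbound spi : 26662405
"""

COUNTER = re.compile(r"#([^:#,]+):\s*(\d+)")
FIELD = re.compile(r"(current_peer|current outbound spi|current inbound spi)\s*:\s*(\S+)")

def parse_sas(text):
    """Return one dict per 'Crypto map tag' block with its peer, SPIs and counters."""
    sas = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Crypto map tag:"):
            sas.append({"counters": {}})
        if not sas:
            continue  # ignore anything before the first SA block
        field = FIELD.match(line)
        if field:
            sas[-1][field.group(1)] = field.group(2)
        for name, value in COUNTER.findall(line):
            sas[-1]["counters"][name.strip()] = int(value)
    return sas

def classify(sa):
    """Label the traffic direction on one SA pair from its encaps/decaps counters."""
    enc = sa["counters"].get("pkts encaps", 0)
    dec = sa["counters"].get("pkts decaps", 0)
    if enc and not dec:
        return "one-way-outbound"   # sending into the tunnel, nothing decapsulated
    if dec and not enc:
        return "one-way-inbound"    # receiving from the peer, nothing sent back
    return "bidirectional" if enc else "idle"

def report(text):
    """(peer, inbound SPI, state) for every SA block in the output."""
    return [(sa.get("current_peer"), sa.get("current inbound spi"), classify(sa))
            for sa in parse_sas(text)]

if __name__ == "__main__":
    for peer, spi, state in report(SAMPLE):
        print(f"peer {peer} inbound spi {spi}: {state}")
```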