1. First of all check the VPN configuration. This is also useful if and when you need to confirm the Phase 1 and Phase 2 parameters with the remote

    show configuration security
    show configuration security ipsec

2. To confirm the successful completion of Phase 1 run the following command. If Phase 1 fails to complete revisit your Phase 1 parameters using the commands shown in Section

    show security ike security-associations
    Index   Remote Address   State  Initiator cookie  Responder cookie  Mode
    6950                     UP     33204fba87663d94  70acacd5f938f89b  Main

3. To confirm the successful completion of Phase 2 run the following command. If Phase 2 fails to complete revisit your Phase 2 parameters using the commands shown in Section

    show security ipsec security-associations
    ID      Gateway   Port  Algorithm         SPI       Life:sec/kb  Mon  vsys
    131073            500   ESP:aes-128/sha1  3e576ead  2041/ unlim  -    root

If Phase 2 has completed you can confirm further details on each of the SAs (Security Associations) by using the SA

    show security ipsec security-associations index 131073
    Mode: tunnel, Type: dynamic, State: installed
    Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (128 bits)
    Anti-replay service: counter-based enabled, Replay window size: 64
    Direction: outbound, SPI: 3e576ead, AUX-SPI: 0
    Anti-replay service: counter-based enabled, Replay window size: 64

4. To confirm statistics based on the Phase 2 SA run the following command. The output will contain a number of counters. The most interesting of these (for troubleshooting purposes) are the Encrypted and Decrypted

    show security ipsec statistics index 131073
    AH authentication failures: 0, Replay errors: 1021
    ESP authentication failures: 0, ESP decryption failures: 0
    Bad headers: 0, Bad trailers: 0
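Because the counters printed by `show security ipsec statistics` are cumulative, they are easiest to read as the difference between two captures. The following Python sketch is an added example, not part of the original page or of Junos: it parses two saved outputs and reports which counters moved. The function names, the "ESP Statistics" lines of the sample (constructed in the usual layout of this command's output) and the hint texts (general IPsec behaviour) are assumptions.

```python
import re

# "Name: 123" pairs; the error counters are printed several per line, comma separated.
COUNTER_RE = re.compile(r"([A-Za-z][A-Za-z ]*?):[ \t]*(\d+)")

# What a rising error counter usually points to (general IPsec behaviour, not from the page).
ERROR_HINTS = {
    "Replay errors": "sequence number outside the anti-replay window or already seen",
    "AH authentication failures": "AH integrity check failed (modified packet or key mismatch)",
    "ESP authentication failures": "ESP integrity check failed (modified packet or key mismatch)",
    "ESP decryption failures": "payload could not be decrypted",
    "Bad headers": "malformed ESP/AH header",
    "Bad trailers": "malformed ESP trailer or padding",
}

def parse_counters(text):
    """Return {counter name: value} from 'show security ipsec statistics' output."""
    return {name.strip(): int(value) for name, value in COUNTER_RE.findall(text)}

def diagnose(before, after):
    """Compare two snapshots and report which counters moved between them."""
    old, new = parse_counters(before), parse_counters(after)
    delta = {name: value - old.get(name, 0) for name, value in new.items()}
    findings = [f"{name} +{delta[name]}: {hint}"
                for name, hint in ERROR_HINTS.items() if delta.get(name, 0) > 0]
    sent, received = delta.get("Encrypted packets", 0), delta.get("Decrypted packets", 0)
    if sent > 0 and received == 0:
        findings.append("traffic is encrypted but nothing is decrypted: check the return path")
    elif received > 0 and sent == 0:
        findings.append("traffic is decrypted but nothing is encrypted: check local routing and policy")
    return findings

# Constructed snapshots; the three error lines of BEFORE carry the values shown on the page.
BEFORE = """ESP Statistics:
  Encrypted bytes: 920
  Decrypted bytes: 6208
  Encrypted packets: 5
  Decrypted packets: 87
Errors:
  AH authentication failures: 0, Replay errors: 1021
  ESP authentication failures: 0, ESP decryption failures: 0
  Bad headers: 0, Bad trailers: 0
"""
AFTER = BEFORE.replace("packets: 5", "packets: 25").replace("errors: 1021", "errors: 1040")

if __name__ == "__main__":
    for line in diagnose(BEFORE, AFTER):
        print(line)
```

A replay counter that keeps climbing while the decrypted counter stays flat means packets are arriving but being dropped by the anti-replay check, which is a different problem from a peer that sends nothing at all.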