[c-nsp] ASA EZVPN config
Ahmad Cheikh Moussa
acm at netuse.de
Mon Apr 30 10:30:47 EDT 2007
Hi Christian,
Christian Zeng wrote:
> * Ahmad Cheikh-Moussa <acm at netuse.de> wrote:
>>> When I add vpnclient management clear to my vpnclient config, then everything
>>> works. Is this a new feature ?
>
> http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008068dabe.html#wp1001074
Thanks for the link. This makes a more clear.
>
>> One another question. The output of the show crypto isakmp sa has changed.
>> With 6.x, if a tunnel is established, the state were QM_Idle.
>> Now with 7.x it is AM_Active. On an IOS Router it is still QM_Idle.
>
> AM denotes Aggressive Mode exchange, QM means Quick Mode. Depending on
> what the initiator proposes and what the resonder is willing to accept,
> AM may be used for establishing IKE SA. This may be the case when you
> want to establish Lan-2-Lan tunnels with preshared keys when the remote
> end has dynamic IP addresses.
ok, but why active and not idle ?
Why shows the ASA AM_Active and the IOS Gateway qm_idle ?
On both I used the command "show crypto isakmp sa".
Regards,
Ahmad
--
Ahmad Cheikh-Moussa
ISP-Technik
NetUSE AG
Dr.-Hell-Straße, 24107 Kiel, Germany
Telefon: +49 431 2390 400 -- Telefax: +49 431 2390 499
Service: Service at NetUSE.DE -- http://NetUSE.DE/
Vorstand: Andreas Seeger (Vorsitz), Dr. Roland Kaltefleiter, Dr. Jörg Posewang
Aufsichtsrat: Detlev Hübner (Vorsitz)
Sitz der AG: Kiel, HRB 5358 USt.ID: DE156073942
Diese E-Mail enthält vertrauliche oder rechtlich geschützte Informationen.
Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der
enthaltenen Informationen ist nicht gestattet.
The information contained in this message is confidential or protected by
law. Any unauthorised copying of this message or unauthorised distribution
of the information contained herein is prohibited.
More information about the cisco-nsp
mailing list