[c-nsp] ASA5510 - show vpn-sessiondb l2l - Question

Erik Sundberg ESundberg at nitelusa.com
Mon Jun 4 12:26:38 EDT 2012


When I do a show vpn-sessiondb l2l for my one peer, the encryption and hashing algorithm is repeated 3 times:

Encryption   : AES256 AES256 AES256   Hashing      : SHA1 SHA1 SHA1

The Remote side of the VPN shows the following

Encryption   : AES256                 Hashing      : SHA1

Does anyone know why this is happening? Config issue or output bug?




FW# show vpn-sessiondb l2l

Session Type: LAN-to-LAN

Index        : 42                     IP Addr      : 1.1.1.1
Protocol     : IKEv1 IPsec
>>>>>>>>Encryption   : AES256 AES256 AES256   Hashing      : SHA1 SHA1 SHA1
Bytes Tx     : 35014                  Bytes Rx     : 12693
Login Time   : 11:11:04 CDT Mon Jun 4 2012
Duration     : 0h:00m:29s



VPN Config
--------------

Local Firewall: ASA5510, 8.4.3
Remote Firewall: ASA5510, 8.2.1


crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto map mymap 100 match address VPN-VPNACL
crypto map mymap 100 set peer 1.1.1.1
crypto map mymap 100 set ikev1 transform-set ESP-AES256-SHA
crypto map mymap interface outside

crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

group-policy L2LVPN internal
group-policy L2LVPN attributes
 vpn-idle-timeout none
 vpn-filter none
 ipv6-vpn-filter none
 vpn-tunnel-protocol ikev1 l2tp-ipsec

tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 general-attributes
 default-group-policy L2LVPN
tunnel-group 1.1.1.1 ipsec-attributes
 ikev1 pre-shared-key *****
 isakmp keepalive threshold 10 retry 5


Thanks

Erik


