Patrick,
What you can also do is, when you're within the PIX, issue the command
"show crypto ipsec sa". What you're looking for is the Outbound/Inbound
SPIs (Security Parameters Index); this is a 32-bit number that is
negotiated between the peers during the IPSec SA negotiation. There are
2 SAs for each IPSec peer per IP Subnet and they are uni-directional
(inbound/outbound). What you should see is on the PIX side your outbound
SPI will be equal to the inbound on the Concentrator side & then on the
PIX inbound SPI will be equal to the outbound on the Concentrator side.
If these are equal, then you can look at the IPSec SA counters with the
same command (show crypto ipsec sa) and look at the traffic counters,
and you should see the enciphering and the deciphering of data on both
sides. Such as, use ping with a set packet count and verify on both
sides that the enciphering/deciphering of data is happening between the
2 peers. Check those out and give us an update. HTH. Thanks,
- jek
"Patrick Donlon" wrote in message news:[EMAIL PROTECTED]...
> Hi All
>
> I'm looking for some information on how to verify the configuration of a
> PIX with an IPsec tunnel to a VPN concentrator. I have a tunnel that keeps
> bouncing, I think that instabilities across the internet could be causing
> some of the problems as I see the path changing quite a lot from the
> Netherlands to Dubai. I can't find the command(s), or understand the ones
> I've used, which tells me whether the tunnel is up on the PIX, I can see
> from the concentrator that it's down but I want to know about the PIX too.
> Any other advice is appreciated
>
> Cheers
>
> Pat
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34968&t=34742
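
The check described in the reply above (mirrored SPIs, then counters that move with a fixed-count ping), as an added example that is not part of the original thread. The sample text is constructed in the style of "show crypto ipsec sa" output and trimmed to the fields used; the concentrator-side SPIs in PEER are assumed to have been read from the concentrator's own session display, and all function names are hypothetical.

```python
import re

# Constructed sample in the style of PIX "show crypto ipsec sa" output,
# trimmed to the fields used here. Addresses and SPIs are made up.
SAMPLE = """\
   local  ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
   current_peer: 192.0.2.2
    #pkts encaps: {enc}, #pkts encrypt: {enc}, #pkts digest {enc}
    #pkts decaps: {dec}, #pkts decrypt: {dec}, #pkts verify {dec}
     inbound esp sas:
      spi: 0x1a2b3c4d(439041101)
     outbound esp sas:
      spi: 0x5e6f7a8b(1584364171)
"""

def parse_sa(text):
    """Extract ESP SPIs and packet counters from one SA block."""
    sa = {"inbound": None, "outbound": None}
    direction = None
    for line in text.splitlines():
        m = re.search(r"(inbound|outbound) (\w+) sas:", line)
        if m:  # only track SPIs listed under the ESP sections
            direction = m.group(1) if m.group(2) == "esp" else None
            continue
        m = re.search(r"spi:\s*0x([0-9a-fA-F]+)", line)
        if m and direction:
            sa[direction] = int(m.group(1), 16)
    for key in ("encaps", "decaps"):
        sa[key] = int(re.search(rf"#pkts {key}:\s*(\d+)", text).group(1))
    return sa

def spis_mirrored(pix, peer):
    """PIX outbound == peer inbound and PIX inbound == peer outbound."""
    return (None not in (pix["inbound"], pix["outbound"])
            and pix["outbound"] == peer["inbound"]
            and pix["inbound"] == peer["outbound"])

def ping_counted(before, after, count):
    """Both counters should advance by at least `count` after the ping."""
    return all(after[k] - before[k] >= count for k in ("encaps", "decaps"))

# Assumption: these were read off the concentrator's own session display.
PEER = {"inbound": 0x5E6F7A8B, "outbound": 0x1A2B3C4D}

if __name__ == "__main__":
    before = parse_sa(SAMPLE.format(enc=120, dec=118))
    after = parse_sa(SAMPLE.format(enc=125, dec=123))  # after a 5-packet ping
    print("SPIs mirrored:", spis_mirrored(before, PEER))
    print("ping seen both ways:", ping_counted(before, after, 5))
```

If the SPIs are not mirrored, the two ends are holding SAs from different negotiations; if they match but only one counter moves, traffic is being enciphered in one direction and not returned.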