[c-nsp] ASA5510 - show vpn-sessiondb l2l - Question

2012-06-04 Thread Erik Sundberg
When I do a show vpn-sessiondb l2l for my one peer, the Encryption and hashing alg 
is repeated 3 times

Encryption   : AES256 AES256 AES256   Hashing  : SHA1 SHA1 SHA1

The Remote side of the VPN shows the following

Encryption   : AES256 Hashing  : SHA1

Does anyone know why this is happening? Config issue or output bug?




FW# show vpn-sessiondb l2l

Session Type: LAN-to-LAN

Index: 42 IP Addr  : 1.1.1.1
Protocol : IKEv1 IPsec
Encryption   : AES256 AES256 AES256   Hashing  : SHA1 SHA1 SHA1
Bytes Tx : 35014  Bytes Rx : 12693
Login Time   : 11:11:04 CDT Mon Jun 4 2012
Duration : 0h:00m:29s



VPN Config
--

Local Firewall: ASA5510, 8.4.3
Remote Firewall: ASA5510, 8.2.1


crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto map mymap 100 match address VPN-VPNACL
crypto map mymap 100 set peer 1.1.1.1
crypto map mymap 100 set ikev1 transform-set ESP-AES256-SHA
crypto map mymap interface outside

crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

group-policy L2LVPN internal
group-policy L2LVPN attributes
 vpn-idle-timeout none
 vpn-filter none
 ipv6-vpn-filter none
 vpn-tunnel-protocol ikev1 l2tp-ipsec

tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 general-attributes
 default-group-policy L2LVPN
tunnel-group 1.1.1.1 ipsec-attributes
 ikev1 pre-shared-key *
 isakmp keepalive threshold 10 retry 5


Thanks

Erik




___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] ASA5510 - show vpn-sessiondb l2l - Question

2012-06-04 Thread Ryan West
On Mon, Jun 04, 2012 at 20:23:47, Erik Sundberg wrote:
> Subject: [c-nsp] ASA5510 - show vpn-sessiondb l2l - Question
>
> When I do a show vpn-sessiondb l2l for my one peer, the Encryption and
> hashing alg is repeated 3 times
>
> Encryption   : AES256 AES256 AES256   Hashing  : SHA1 SHA1 SHA1
>
> The Remote side of the VPN shows the following
>
> Encryption   : AES256 Hashing  : SHA1
>
> Does anyone know why this is happening? Config issue or output bug?
>

I'm going with output bug, here is my 8.4.3:

Protocol : IKEv1 IPsec
Encryption   : 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES 3DES
Hashing  : SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1 SHA1

Wasn't able to find a specific bug, but it appears to just be cosmetic.  Maybe 
each time Phase 1 is restarted.

-ryan
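
An added example, not part of the thread and not Cisco tooling: a small Python check that reads the Encryption/Hashing fields from `show vpn-sessiondb l2l` output, collapses repeated tokens, and reports whether both ends list the same set of algorithms or whether one end merely repeats a single value. The field layout is assumed to match the output quoted above; the sample text is constructed from those quotes.

```python
import re
from collections import Counter

# Constructed sample input, copied from the outputs quoted in this thread.
LOCAL = """\
Session Type: LAN-to-LAN

Index: 42 IP Addr  : 1.1.1.1
Protocol : IKEv1 IPsec
Encryption   : AES256 AES256 AES256   Hashing  : SHA1 SHA1 SHA1
Bytes Tx : 35014  Bytes Rx : 12693
"""
REMOTE = "Encryption   : AES256 Hashing  : SHA1\n"

# A field value runs until the next known label on the same line or end of line,
# so both the one-line and the two-line layouts seen in the thread are handled.
FIELD = re.compile(
    r"(Encryption|Hashing)[ \t]*:[ \t]*(.*?)"
    r"(?=[ \t]+(?:Encryption|Hashing)[ \t]*:|$)",
    re.M,
)

def algorithms(output):
    """Count each algorithm token listed under Encryption and Hashing."""
    found = {"Encryption": Counter(), "Hashing": Counter()}
    for label, value in FIELD.findall(output):
        found[label].update(value.split())
    return found

def compare(local, remote):
    """Compare the distinct algorithms per field between the two ends."""
    a, b = algorithms(local), algorithms(remote)
    report = {}
    for label in ("Encryption", "Hashing"):
        distinct_local, distinct_remote = set(a[label]), set(b[label])
        report[label] = {
            "local": sorted(distinct_local),
            "remote": sorted(distinct_remote),
            # True when both ends list the same algorithms, ignoring repeats.
            "same_set": distinct_local == distinct_remote,
            # True when the local end shows one algorithm printed several times.
            "repeat_only": len(distinct_local) == 1
            and sum(a[label].values()) > 1,
        }
    return report

if __name__ == "__main__":
    for field, result in compare(LOCAL, REMOTE).items():
        print(field, result)
```

A field that comes back with `same_set` false, or with more than one distinct value under `local`, lists different algorithms rather than one value repeated and is worth checking against the configured transform-set and IKE policy.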
