Re: crypto map not working
- From: roberson@xxxxxxxxxxxxxxxxxx (Walter Roberson)
- Date: Wed, 31 Aug 2005 03:26:54 +0000 (UTC)
In article <1125424745.165106.217100@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
<jcharth@xxxxxxxxxxx> wrote:
:I just created a map between two routers, I added
:crypto ipsec transform-set
:crypto isakmp key
:and last added the crypto map
:when I do show crypto map session, nothing shows
:do I have to clear the sa and isakmp?
:will everyone get disconnected?
You aren't giving us much to go on. Is this a second (or additional)
crypto map? On the same interface? Or is it the first crypto map?

I don't know how it works in IOS, but in Cisco PIX when you
change the ACL that defines a crypto map policy, or when you add
new crypto map policies, then it is necessary to clear the ipsec SA's
in order to be -sure- that the new entries will take effect. If you
do not do the clear, then on the PIX sometimes the changes will take effect
and sometimes they won't, and sometimes they will give every
indication as if they had taken effect but they don't actually pass
traffic.

If you clear the ipsec SA's, then all IPSec users will have their
session disconnected... and promptly renegotiated the next time their
end sends traffic through. I don't know what happens if the session
had been given a dynamic VPN IP pool address... I've really only
worked with site-to-site VPNs, and those resume after the clear
as if nothing had happened.
--
Entropy is the logarithm of probability -- Boltzmann