Local Gateway: xx.xxx.xx.202, Remote Gateway: .236 ID Algorithm SPI Life:sec/kb Mon vsys Port GatewayĢ ESP:aes-256/sha1 59c5e156 6686/ unlim - root 500 .236Ģ ESP:aes-256/sha1 59c5e158 7305/ unlim - root 500 show security ipsec security-associations detail IPSec security associations: 1 created, 0 deletedįlags: IKE SA is show security ip security-associations
Initiator cookie: 6e06f3992aef2102, Responder cookie: afec5dd17921d28a Negotiation type: Quick mode, Role: Responder, Message ID: 0 IPSec security associations: 1 created, 1 deleted Initiator cookie: a97609f5a9a38078, Responder cookie: e4afc2b0c537fd5cĮxchange type: Main, Authentication method: Pre-shared-keys Index State Initiator cookie Responder cookie Mode Remote AddressĦ979863 UP a97609f5a9a38078 e4afc2b0c537fd5c Main .236Ħ979862 UP 6e06f3992aef2102 afec5dd17921d28a Main show security ike security-associations detail There is 1 tunnel with 1 subnet show security ike security-associations But it is still an issue and I can't figure out for the life of me why this is happening. This is running very stable compared to when I was seeing 20+ IKE sa's. Occasionally we are seeing drops on the VPN tunnel for brief moments, during those times another ike sa tends to show up with the old ones remaining. Today I am seeing a duplicate of IPSEC sa's (which I have not seen prior to today). but even now I am getting very odd results. I have managed to lower the number of IKE sessions I'm seeing by asking the remote side to disable the persistant connection establishment option on the check point (we were seeing ~20-30 IKE SAs!). I have been having a ton of issues with a VPN connection between a SRX-240H and a Check Point device.
0 kommentar(er)
