Questions tagged [ike]

Questions relating to Internet Key Exchange (all versions) configuration, troubleshooting and operating.

3 votes
1 answer
164 views

I was trying to set up an IPsec tunnel on the firewall. I wonder how the firewall handles traffic that is destined to / originates from the firewall? Since Interface Profile does not have an option to ...
jacky chong
0 votes
2 answers
695 views

I'm reading conflicting things about how PFS works in IPsec. Some sources say it's simply a renegotiation of the Phase 1 IKE/ISAKMP SA that ignores the original IKE/ISAKMP SA lifetime value and that ...
Ceejus
0 votes
1 answer
1k views

My end of the tunnel is on an ASAv in AWS. (version 9.14) show crypto isakmp sa 4 IKE Peer: 212.239.x.y Type : L2L Role : responder Rekey : no State : ...
Chris Holt
1 vote
0 answers
301 views

It seems I fail to understand a few things about DH's functionality in the context of IKEv1. A little bit of context first: During IKE Main Phase, with the 3rd and 4th messages, the peers each exchange ...
Cosmin Ionut Grosu
3 votes
1 answer
495 views

I'm trying to debug a Cisco VPN setup as part of a Uni Lab (so please don't worry about posting of keys etc. it's just a toy setup with no internet facing connection). I want to decrypt the IKEv1 ...
DavidM
1 vote
0 answers
1k views

Hey, I'm trying to create a tunnel between a Cisco router and Google Cloud VPN (client site) but the connection is stuck on stage 2 (UP-IDLE), need help where the problem may lie. Some debug that I get ...
Stimpee Eta
4 votes
2 answers
2k views

We have an IKEv2 IPSec tunnel between two Sophos XG Firewall appliances in a corporate system for a remote site. We don't have any specialized MSS or MTU settings other than what the IPSec tunnel ...
Thomas Ward
1 vote
1 answer
177 views

I am puzzled about two paragraphs regarding a notification payload in section 3.10 of RFC7296. There you can find the following: o Protocol ID (1 octet) - If this notification concerns an existing ...
Mathias Weidner
0 votes
0 answers
152 views

How is SKEYID_a in IKEv1 phase 1 used in authentication in messages 5 and 6?
Yashu Mittal
0 votes
1 answer
1k views

I have a Cisco 2901 router that has an IKEv1 IPSec VPN with a Palo Alto firewall. We had a problem with our existing VPN setup where it takes a long time to get the tunnel to come back up when re-...
John Santiago
0 votes
1 answer
1k views

I am trying to configure an IKEv2 VPN between an ASA and a router using a tunnel interface. I have encountered the problem of it not even establishing the connection. There is no problem in the connectivity ...
chiajw1
0 votes
1 answer
11k views

What does the MM_NO_STATE usually mean when having errors bringing phase 1 up? IPv4 Crypto ISAKMP SA dst src state conn-id status X.X.X.122 X.X.X.107 MM_NO_STATE ...
John Santiago
4 votes
1 answer
473 views

On a Juniper Firewall, the command show security pki local-certificate will give all sorts of detail for a local certificate. (The sort of certificate you would use to stand up an IKE connection) My ...
Ben Aveling
1 vote
0 answers
374 views

So I searched for some time now, read the RFC (https://www.rfc-editor.org/rfc/rfc2409) and simply couldn't find an answer to why Main Mode needs static addresses. The RFC states Aggressive Mode does ...
joni_93
1 vote
0 answers
1k views

I'm having an issue with a VPN tunnel between my Firewall (ASA 5516-X) and a third party firewall so I can't check the config in the second firewall. So I decided to debug my firewall and I realized ...
Jose Joaquin Barajas Duarte