Successful Negotiation (both Phase 1 and Phase 2)

The following example shows a successful negotiation between an NSX Edge and a Cisco device.

NSX Edge

CLI output of the show service ipsec command.

NSX-edge-6-0> show service ipsec
-----------------------------------------------------------------------
vShield Edge IPSec Service Status:
IPSec Server is running.
AESNI is enabled.
Total Sites: 2, 2 UP, 0 Down
Total Tunnels: 2, 2 UP, 0 Down
----------------------------------
Site:  10.109.229.244_0.0.0.0/0-10.109.229.246_0.0.0.0/0
Channel: PeerIp: 10.109.229.246    LocalIP: 10.109.229.244  Version: IKEv2  Status: UP
Tunnel: PeerSubnet: 0.0.0.0/0    LocalSubnet: 0.0.0.0/0   Status: UP
----------------------------------
----------------------------------
Site:  10.109.229.244_40.40.40.0/24-10.109.229.250_20.0.0.0/24
Channel: PeerIp: 10.109.229.250    LocalIP: 10.109.229.244  Version: IKEv1  Status: UP
Tunnel: PeerSubnet: 20.0.0.0/24    LocalSubnet: 40.40.40.0/24   Status: UP
----------------------------------

Cisco

ciscoasa# show crypto isakmp sa detail

    Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

    IKE Peer: 10.20.129.80
    Type : L2L        Role    : responder 
    Rekey : no        State   : MM_ACTIVE
    Encrypt : 3des    Hash    : SHA       
    Auth : preshared  Lifetime: 28800
    Lifetime Remaining: 28379