The following example shows a successful negotiation between an NSX Edge and a Cisco device.
NSX Edge
CLI output of the show service ipsec command.
NSX-edge-6-0> show service ipsec
-----------------------------------------------------------------------
vShield Edge IPSec Service Status:
IPSec Server is running.
AESNI is enabled.
Total Sites: 2, 2 UP, 0 Down
Total Tunnels: 2, 2 UP, 0 Down
----------------------------------
Site: 10.109.229.244_0.0.0.0/0-10.109.229.246_0.0.0.0/0
Channel: PeerIp: 10.109.229.246 LocalIP: 10.109.229.244 Version: IKEv2 Status: UP
Tunnel: PeerSubnet: 0.0.0.0/0 LocalSubnet: 0.0.0.0/0 Status: UP
----------------------------------
----------------------------------
Site: 10.109.229.244_40.40.40.0/24-10.109.229.250_20.0.0.0/24
Channel: PeerIp: 10.109.229.250 LocalIP: 10.109.229.244 Version: IKEv1 Status: UP
Tunnel: PeerSubnet: 20.0.0.0/24 LocalSubnet: 40.40.40.0/24 Status: UP
----------------------------------
Cisco
ciscoasa# show crypto isakmp sa detail
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
IKE Peer: 10.20.129.80
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
Encrypt : 3des Hash : SHA
Auth : preshared Lifetime: 28800
Lifetime Remaining: 28379
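For monitoring, the NSX Edge show service ipsec output above can be parsed into per-site channel and tunnel records so that anything not reporting UP is flagged. This is an added example, not VMware code; the function names and the DOWN status string in the sample are assumptions, and the parser keys on the Site:, Channel: and Tunnel: labels rather than on line breaks.

```python
import re

# Constructed sample: the output shown above, with the second tunnel's status
# and the totals altered (the string "DOWN" is an assumed value) so that the
# check has something to report.
SAMPLE = """\
vShield Edge IPSec Service Status:
Total Sites: 2, 1 UP, 1 Down
Total Tunnels: 2, 1 UP, 1 Down
----------------------------------
Site: 10.109.229.244_0.0.0.0/0-10.109.229.246_0.0.0.0/0
Channel: PeerIp: 10.109.229.246 LocalIP: 10.109.229.244 Version: IKEv2 Status: UP
Tunnel: PeerSubnet: 0.0.0.0/0 LocalSubnet: 0.0.0.0/0 Status: UP
----------------------------------
----------------------------------
Site: 10.109.229.244_40.40.40.0/24-10.109.229.250_20.0.0.0/24
Channel: PeerIp: 10.109.229.250 LocalIP: 10.109.229.244 Version: IKEv1 Status: UP
Tunnel: PeerSubnet: 20.0.0.0/24 LocalSubnet: 40.40.40.0/24 Status: DOWN
----------------------------------
"""

FIELD = re.compile(r"(\w+):\s*(\S+)")  # "Key: value" pairs; separator dashes never match

def parse_ipsec_status(output):
    """Return one dict per Site with its channel fields and list of tunnels."""
    sites = []
    # The text after each "Site:" label belongs to that site; the header
    # before the first label ("Total Sites: ..." included) is discarded.
    for block in re.split(r"\bSite:\s*", output)[1:]:
        head, *tunnel_texts = block.split("Tunnel:")
        name, _, channel_text = head.partition("Channel:")
        sites.append({
            "site": name.strip(),
            "channel": dict(FIELD.findall(channel_text)),
            "tunnels": [dict(FIELD.findall(t)) for t in tunnel_texts],
        })
    return sites

def not_up(sites):
    """List (site, what, status) for every channel or tunnel whose status is not UP."""
    problems = []
    for s in sites:
        if s["channel"].get("Status") != "UP":
            problems.append((s["site"], "channel", s["channel"].get("Status")))
        for t in s["tunnels"]:
            if t.get("Status") != "UP":
                pair = f'{t.get("PeerSubnet")}<->{t.get("LocalSubnet")}'
                problems.append((s["site"], pair, t.get("Status")))
    return problems
```

A missing Status field is reported with a status of None, so truncated output is flagged as well.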