480
<Router> display ike sa
total phase-1 SAs: 0
connection-id peer flag phase doi status
----------------------------------------------------------------------------
Solution
If the failure occurred between GM and KS, verify that the IKE proposal and IKE peer configurations
on the GM and the KS match, and that the GM and the KS can reach each other.
If the failure occurred between KSs, verify that the IKE proposal and IKE peer configurations on the
KSs match, and that the KSs can reach each other.
GM registration failure
Symptom
The GM failed to register with the KS.
Analysis
Execute the following command on the GM.
<Router> display ike sa
total phase-1 SAs: 1
connection-id peer flag phase doi status
----------------------------------------------------------------------------
18 90.1.1.1 RD|ST 1 GROUP --
The output shows that only one IKE SA has been generated. No rekey SA and IPsec SA have been
generated.
Solution
Verify that the GM and KS have the same group ID.
KS redundancy failure
Symptom
KS redundancy configuration does not take effect.
Analysis
Display KS redundancy information on KS 1. The output shows that each KS considers itself as the
primary KS.
<KS1> display gdoi ks redundancy
Group Name :ks1
Local address : 100.1.1.100
Local version : 1.0
Local priority : 10000
Local role : Primary
Primary address : 100.1.1.100
Sessions:
Session 1:
Peer address : 200.2.2.200
Peer version : Unknown
Peer priority : Unknown
To Next Page
Loading...
Need help?
General
