03-08-2007 12:15 PM - edited 03-09-2019 05:33 PM
The VPN setup is Cisco to Checkpoint
The phase 1 and phase 2 ISAKMP settings have been verified. Connectivity is ok.
Any idea why I am seeing so many IKE SAs?
10.10.10.10 192.168.1.1 QM_IDLE 532 0 ACTIVE
10.10.10.10 192.168.1.1 QM_IDLE 491 0 ACTIVE
10.10.10.10 192.168.1.1 QM_IDLE 489 0 ACTIVE
10.10.10.10 192.168.1.1 QM_IDLE 480 0 ACTIVE
10.10.10.10 192.168.1.1 QM_IDLE 421 0 ACTIVE
10.10.10.10 192.168.1.1 QM_IDLE 411 0 ACTIVE
10.10.10.10 192.168.1.1 QM_IDLE 445 0 ACTIVE
10.10.10.10 192.168.1.1 QM_IDLE 454 0 ACTIVE
10.10.10.10 192.168.1.1 QM_IDLE 333 0 ACTIVE
10.10.10.10 192.168.1.1 QM_IDLE 516 0 ACTIVE
10.10.10.10 192.168.1.1 QM_IDLE 477 0 ACTIVE
10.10.10.10 192.168.1.1 QM_IDLE 401 0 ACTIVE
10.10.10.10 192.168.1.1 QM_IDLE 413 0 ACTIVE
10.10.10.10 192.168.1.1 QM_IDLE 517 0 ACTIVE
03-08-2007 01:20 PM
Because in Checkpoint you configure separate tunnels for separate subnets or host ip address.
But with Cisco You just create one single tunnel including all the subnets.
do you have multiple subnets or hosts in the crypto ACL..If you are not facing any kind of issue with the tunnel, then you can consider this as normal.
*Please rate if helped.
-Kanishka
03-09-2007 06:23 AM
Does everybody agree with this? It sure makes sense as there are 15 subnets in the 'rule' on the Checkpoint.
03-09-2007 06:30 AM
By the way in the Subject: IKA=IKE (typo)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: