Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

IPSEC duplicated entry when listing cripto sessions

Unanswered Question
Jan 8th, 2014
User Badges:

Very weird:

My crypto session with ZZZ.ZZZ.ZZZ.ZZZ. apears three times ....

mdz-gc-he-asr#show crypto session brief
Status: A- Active, U - Up, D - Down, I - Idle, S - Standby, N - Negotiating
        K - No IKE
ivrf = (none)
           Peer     I/F        Username          Group/Phase1_id   Uptime Status
  XXX.XXX.XXX.XXX Gi0/1/1                   XXX.XXX.XXX.XXX. 00:45:08    UA
  ZZZ.ZZZ.ZZZ.ZZZ. Gi0/1/1                            ZZZ.ZZZ.ZZZ.ZZZ.             UI
  ZZZ.ZZZ.ZZZ.ZZZ  Gi0/1/1                                                      UI
  ZZZ.ZZZ.ZZZ.ZZZ Gi0/1/1                                                      UI
    YYY.YYY.YYY.YYY    Tu20                              YYY.YYY.YYY.YYY     7w0d    UA

Though I have my session up , I can not course traffic through the tunnel,

How can I restart my session with peer zzz.zzz.zzz.zzz ?

Any ideas ?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jouni Forss Wed, 01/08/2014 - 12:08
User Badges:
  • Super Bronze, 10000 points or more


To my understanding you can clear the session with

clear crypto session remote

You could probably also use command

clear crypto isakmp

Before that you would check the output of

show crypto isakmp sa

- Jouni

leandro roggerone Tue, 01/21/2014 - 04:45
User Badges:

O figured out , the problem was a duplicated entry in the ACLs that each match statement was refering on the crypto maps.

crypto map CRYPTO 10 ipsec-isakmp
description "site to site 1"
set peer XX.XX.XX.XX
set transform-set trans1
match address 150
crypto map CRYPTO 30 ipsec-isakmp
description "site to site 2"
set peer YY.YY.YY.YY
set transform-set trans2
match address 180




access-list 150 permit ip host host  ##### had to delete and works!
access-list 180 permit ip host host




This Discussion