IPSEC duplicated entry when listing crypto sessions

Unanswered Question
Jan 8th, 2014

Very weird:


My crypto session with ZZZ.ZZZ.ZZZ.ZZZ. appears three times ....


mdz-gc-he-asr#show crypto session brief
Status: A- Active, U - Up, D - Down, I - Idle, S - Standby, N - Negotiating
        K - No IKE
ivrf = (none)
           Peer     I/F        Username          Group/Phase1_id   Uptime Status
  XXX.XXX.XXX.XXX Gi0/1/1                   XXX.XXX.XXX.XXX. 00:45:08    UA
  ZZZ.ZZZ.ZZZ.ZZZ. Gi0/1/1                            ZZZ.ZZZ.ZZZ.ZZZ.             UI
  ZZZ.ZZZ.ZZZ.ZZZ  Gi0/1/1                                                      UI
  ZZZ.ZZZ.ZZZ.ZZZ Gi0/1/1                                                      UI
    YYY.YYY.YYY.YYY    Tu20                              YYY.YYY.YYY.YYY     7w0d    UA


Though I have my session up, I cannot pass traffic through the tunnel.

How can I restart my session with peer zzz.zzz.zzz.zzz?


Any ideas?

Leandro.

Jouni Forss Wed, 01/08/2014 - 12:08

Hi,


To my understanding you can clear the session with


clear crypto session remote


You could probably also use the command


clear crypto isakmp


Before that you would check the output of


show crypto isakmp sa


- Jouni

leandro roggerone Tue, 01/21/2014 - 04:45

I figured it out: the problem was a duplicated entry in the ACLs that each match statement was referring to in the crypto maps.


crypto map CRYPTO 10 ipsec-isakmp
 description "site to site 1"
 set peer XX.XX.XX.XX
 set transform-set trans1
 match address 150
crypto map CRYPTO 30 ipsec-isakmp
 description "site to site 2"
 set peer YY.YY.YY.YY
 set transform-set trans2
 match address 180
!
access-list 150 permit ip host 172.24.3.5 host 172.22.83.149  ##### had to delete and works!
!
access-list 180 permit ip host 172.24.3.5 host 172.22.83.149
!
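
The following Python check is an added example, not code from the thread's posters: it parses `crypto map` entries and numbered extended `access-list ... permit ip` lines, then reports permit entries that overlap between two sequence numbers of the same crypto map, which is the condition described in the last post. The sample configuration is constructed, `take_net` and `find_overlaps` are hypothetical names, and contiguous wildcard masks are assumed.

```python
import ipaddress
from itertools import combinations

# Constructed sample modelled on the configuration posted above.
SAMPLE_CONFIG = """\
crypto map CRYPTO 10 ipsec-isakmp
 set peer XX.XX.XX.XX
 match address 150
crypto map CRYPTO 30 ipsec-isakmp
 set peer YY.YY.YY.YY
 match address 180
access-list 150 permit ip host 172.24.3.5 host 172.22.83.149
access-list 150 permit ip 10.1.0.0 0.0.255.255 10.9.0.0 0.0.0.255
access-list 180 permit ip host 172.24.3.5 host 172.22.83.149
access-list 180 permit ip 10.2.0.0 0.0.255.255 any
"""

def take_net(tok):
    """Consume one address spec (any | host A | A WILDCARD) from a token list."""
    head = tok.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    # Invert the wildcard into a netmask; non-contiguous wildcards raise ValueError.
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(tok.pop(0))) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{head}/{mask}", strict=False)

def find_overlaps(config):
    """Return (map, seq_a, seq_b, entry_a, entry_b) for overlapping permit entries."""
    acls, entries = {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["crypto", "map"] and len(tok) >= 4 and tok[3].isdigit():
            entries.append([tok[2], tok[3], None])  # map name, sequence, ACL id
        elif tok[:2] == ["match", "address"] and len(tok) == 3 and entries:
            entries[-1][2] = tok[2]
        elif tok[:1] == ["access-list"] and tok[2:4] == ["permit", "ip"]:
            rest = tok[4:]
            acls.setdefault(tok[1], []).append((take_net(rest), take_net(rest)))
    hits = []
    for (m1, s1, a1), (m2, s2, a2) in combinations(entries, 2):
        if m1 != m2:
            continue  # only entries of the same crypto map compete for traffic
        for e1 in acls.get(a1, []):
            for e2 in acls.get(a2, []):
                if e1[0].overlaps(e2[0]) and e1[1].overlaps(e2[1]):
                    hits.append((m1, s1, s2, e1, e2))
    return hits
```

Each returned tuple names the crypto map, the two sequence numbers, and the pair of (source, destination) networks that overlap; an empty list means no two entries of the same map select the same traffic.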
