Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Multiple ISAKMP SA's are showing up

Hi everyone, I have router (spoke) that connects to two DMVPN hubs over 2 IPSEC tunnels. When I perform a show crypto isakmp sa command, I see multiple SAs to IP addresses that I don't recognize. I should only have two SA's (one to each DMVPN hub). Can anyone shed some light as to why these security associations with unknown IPs are showing up?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Multiple ISAKMP SA's are showing up

Hi,

You will see that when you have a crypto map pointing to default network like below. This you need because when you are in DMVPN cloud then the spoke to spoke virtual tunnel must be established so that they can communicate directly without coming to HUB which is the main advantage in DMVPN technology.

crypto isakmp key xxxxxxxxxx address 0.0.0.0 0.0.0.0 no-xauth


Please rate the helpfull posts.
Regards,
Naidu.

3 REPLIES

Multiple ISAKMP SA's are showing up

Hi,

You will see that when you have a crypto map pointing to default network like below. This you need because when you are in DMVPN cloud then the spoke to spoke virtual tunnel must be established so that they can communicate directly without coming to HUB which is the main advantage in DMVPN technology.

crypto isakmp key xxxxxxxxxx address 0.0.0.0 0.0.0.0 no-xauth


Please rate the helpfull posts.
Regards,
Naidu.

New Member

Multiple ISAKMP SA's are showing up

Thank you Naidu. That explains it.

Multiple ISAKMP SA's are showing up

You are most welcome.

Please close "click on the correct answer" the case if this answered your query.

Please rate the helpfull posts.

Regards,

Naidu.

230
Views
5
Helpful
3
Replies
CreatePlease login to create content