Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Crypto Engine will not clear old entries

Hiya all,

I have a 3640 router with VPN dialin access configured on it. This router has been perfectly functional for the last two years and has suddenly developed a problem (honest I'm not making this up).

I checked the configuration and there is no time extension programmed but the crypto engine (Show crypto connections active) doesn't seem to clear down its old entries anymore.

After a period of time this table seems to become infested will old crypto entries and the VPN fails to allocate new ones.

I can manually clear the SA's to allow connections again but can't understand why or how this is occuring...

Anyone got any ideas?

New Member

Re: Crypto Engine will not clear old entries

I am having the same problem on 1710 and 1711 with 12.3.1 code. Do you see multiple IKE sessions lingering?

New Member

Re: Crypto Engine will not clear old entries

Yes, your right old IKE entries also seem to linger until then are manually cleared (Clear crypto isakmp sa).

CreatePlease to create content