Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Multiple IKA SAs to one peer

The VPN setup is Cisco to Checkpoint

The phase 1 and phase 2 ISAKMP settings have been verified. Connectivity is ok.

Any idea why I am seeing so many IKE SAs?

10.10.10.10 192.168.1.1 QM_IDLE 532 0 ACTIVE

10.10.10.10 192.168.1.1 QM_IDLE 491 0 ACTIVE

10.10.10.10 192.168.1.1 QM_IDLE 489 0 ACTIVE

10.10.10.10 192.168.1.1 QM_IDLE 480 0 ACTIVE

10.10.10.10 192.168.1.1 QM_IDLE 421 0 ACTIVE

10.10.10.10 192.168.1.1 QM_IDLE 411 0 ACTIVE

10.10.10.10 192.168.1.1 QM_IDLE 445 0 ACTIVE

10.10.10.10 192.168.1.1 QM_IDLE 454 0 ACTIVE

10.10.10.10 192.168.1.1 QM_IDLE 333 0 ACTIVE

10.10.10.10 192.168.1.1 QM_IDLE 516 0 ACTIVE

10.10.10.10 192.168.1.1 QM_IDLE 477 0 ACTIVE

10.10.10.10 192.168.1.1 QM_IDLE 401 0 ACTIVE

10.10.10.10 192.168.1.1 QM_IDLE 413 0 ACTIVE

10.10.10.10 192.168.1.1 QM_IDLE 517 0 ACTIVE

3 REPLIES
Cisco Employee

Re: Multiple IKA SAs to one peer

Because in Checkpoint you configure separate tunnels for separate subnets or host ip address.

But with Cisco You just create one single tunnel including all the subnets.

do you have multiple subnets or hosts in the crypto ACL..If you are not facing any kind of issue with the tunnel, then you can consider this as normal.

*Please rate if helped.

-Kanishka

Community Member

Re: Multiple IKA SAs to one peer

Does everybody agree with this? It sure makes sense as there are 15 subnets in the 'rule' on the Checkpoint.

Community Member

Re: Multiple IKA SAs to one peer

By the way in the Subject: IKA=IKE (typo)

216
Views
0
Helpful
3
Replies
CreatePlease to create content