Cisco Support Community
Community Member

IPSEC duplicated entry when listing crypto sessions

Very weird:

My crypto session with ZZZ.ZZZ.ZZZ.ZZZ appears three times ....

mdz-gc-he-asr#show crypto session brief
Status: A- Active, U - Up, D - Down, I - Idle, S - Standby, N - Negotiating
        K - No IKE
ivrf = (none)
           Peer     I/F        Username          Group/Phase1_id   Uptime Status
  XXX.XXX.XXX.XXX Gi0/1/1                   XXX.XXX.XXX.XXX. 00:45:08    UA
  ZZZ.ZZZ.ZZZ.ZZZ. Gi0/1/1                            ZZZ.ZZZ.ZZZ.ZZZ.             UI
  ZZZ.ZZZ.ZZZ.ZZZ  Gi0/1/1                                                      UI
  ZZZ.ZZZ.ZZZ.ZZZ Gi0/1/1                                                      UI
    YYY.YYY.YYY.YYY    Tu20                              YYY.YYY.YYY.YYY     7w0d    UA

Though I have my session up, I cannot pass traffic through the tunnel.

How can I restart my session with peer zzz.zzz.zzz.zzz?

Any ideas?


Super Bronze



To my understanding you can clear the session with

clear crypto session remote

You could probably also use the command

clear crypto isakmp

Before that you would check the output of

show crypto isakmp sa

- Jouni

Community Member


I figured it out: the problem was a duplicated entry in the ACLs that each match statement was referring to in the crypto maps.

crypto map CRYPTO 10 ipsec-isakmp
description "site to site 1"
set peer XX.XX.XX.XX
set transform-set trans1
match address 150
crypto map CRYPTO 30 ipsec-isakmp
description "site to site 2"
set peer YY.YY.YY.YY
set transform-set trans2
match address 180




access-list 150 permit ip host host  ##### had to delete and works!
access-list 180 permit ip host host
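
Added example, not part of any post in this thread: a small Python check that flags the condition described above, where the same ACL entry is referenced by more than one crypto map sequence through `match address`. The sample config, its addresses and the function name `find_duplicate_selectors` are constructed for illustration; it assumes numbered `access-list N permit ...` lines as in the post and compares entries by exact text only, so it does not catch overlapping subnets.

```python
import re
from collections import defaultdict

# Constructed sample config (documentation/private addresses), laid out like the post's.
SAMPLE_CONFIG = """\
crypto map CRYPTO 10 ipsec-isakmp
 description "site to site 1"
 set peer 192.0.2.10
 set transform-set trans1
 match address 150
crypto map CRYPTO 30 ipsec-isakmp
 description "site to site 2"
 set peer 198.51.100.20
 set transform-set trans2
 match address 180
access-list 150 permit ip host 10.1.1.5 host 10.2.2.5
access-list 150 permit ip host 10.1.1.5 host 10.3.3.7
access-list 180 permit ip host 10.1.1.5 host 10.3.3.7
"""

MAP_RE = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp")
MATCH_RE = re.compile(r"^\s*match address (\S+)")
ACE_RE = re.compile(r"^access-list (\S+) permit (.+)$")

def find_duplicate_selectors(config: str):
    """Return [(ace, [(map, seq, acl), ...])] for ACEs used by 2+ crypto map entries."""
    acl_users = defaultdict(list)   # ACL id -> [(map name, sequence)]
    aces = defaultdict(set)         # ACL id -> {whitespace-normalised permit entries}
    current = None                  # crypto map entry currently being parsed
    for line in config.splitlines():
        if m := MAP_RE.match(line):
            current = (m.group(1), int(m.group(2)))
        elif (m := MATCH_RE.match(line)) and current:
            acl_users[m.group(1)].append(current)
        elif m := ACE_RE.match(line):
            current = None
            aces[m.group(1)].add(" ".join(m.group(2).split()))
        elif line.startswith("!"):
            current = None          # IOS section separator ends the map entry
    seen = defaultdict(list)        # ACE text -> [(map, seq, acl)]
    for acl, users in acl_users.items():
        for ace in aces.get(acl, ()):
            seen[ace].extend((name, seq, acl) for name, seq in users)
    return sorted((ace, sorted(refs)) for ace, refs in seen.items() if len(refs) > 1)

if __name__ == "__main__":
    for ace, refs in find_duplicate_selectors(SAMPLE_CONFIG):
        print(f"duplicate selector '{ace}' used by:", refs)
```
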


