Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

IPSEC duplicated entry when listing cripto sessions

Very weird:

My crypto session with ZZZ.ZZZ.ZZZ.ZZZ. apears three times ....

mdz-gc-he-asr#show crypto session brief
Status: A- Active, U - Up, D - Down, I - Idle, S - Standby, N - Negotiating
        K - No IKE
ivrf = (none)
           Peer     I/F        Username          Group/Phase1_id   Uptime Status
  XXX.XXX.XXX.XXX Gi0/1/1                   XXX.XXX.XXX.XXX. 00:45:08    UA
  ZZZ.ZZZ.ZZZ.ZZZ. Gi0/1/1                            ZZZ.ZZZ.ZZZ.ZZZ.             UI
  ZZZ.ZZZ.ZZZ.ZZZ  Gi0/1/1                                                      UI
  ZZZ.ZZZ.ZZZ.ZZZ Gi0/1/1                                                      UI
    YYY.YYY.YYY.YYY    Tu20                              YYY.YYY.YYY.YYY     7w0d    UA

Though I have my session up , I can not course traffic through the tunnel,

How can I restart my session with peer zzz.zzz.zzz.zzz ?

Any ideas ?

Leandro.

2 REPLIES
Super Bronze

IPSEC duplicated entry when listing cripto sessions

Hi,

To my understanding you can clear the session with

clear crypto session remote

You could probably also use command

clear crypto isakmp

Before that you would check the output of

show crypto isakmp sa

- Jouni

Community Member

IPSEC duplicated entry when listing cripto sessions

O figured out , the problem was a duplicated entry in the ACLs that each match statement was refering on the crypto maps.

crypto map CRYPTO 10 ipsec-isakmp
description "site to site 1"
set peer XX.XX.XX.XX
set transform-set trans1
match address 150
crypto map CRYPTO 30 ipsec-isakmp
description "site to site 2"
set peer YY.YY.YY.YY
set transform-set trans2
match address 180

!

!

!

access-list 150 permit ip host 172.24.3.5 host 172.22.83.149  ##### had to delete and works!
!
!
access-list 180 permit ip host 172.24.3.5 host 172.22.83.149

!

!

475
Views
0
Helpful
2
Replies
CreatePlease to create content