Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

show crypto session growing

Hi! We have a few Cisco 1841 12.4(13r)T with site to site vpn (crypto isakmp, crypto ipsec). The command "show crypto session" shows a lot of sessions, most of them with Active SAs: 0. Even if the SA is never used again, this session stays in the output forever. Is this just a "cosmetic" issue?

The same happens with the command "sh crypto ipsec sa". I can see every old ipsec sa, of course there is no active inbound or outbound esp, but I still see it. Could this cause memory overflow or other problems?


Re: show crypto session growing

Hi Christian,

One question... if you cleared the IPsec SAs with the command ''clear cry ips sa'' does it still show again? Or after ''clear crypto session''?


New Member

Re: show crypto session growing

After clear crypto session it is not shown any longer. But in the meantime I think this is like a logbuffer, when it is full the older entries are cleared. Because today I did not see entries from last Friday and the router was not reloaded.

So I think this is not really a proplem ;-)

CreatePlease to create content