Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

unexpected ISAKMP sessions

Hi all!

I've a IPSEC vpn with a Cisco 1812 in the local side and about ten Draytek Vigor in remote side.

I dont know why but i have multiple ISAKMP sessions for the same peer and i have connection problems.

This is the output of a show crypto session detail. how can i set a maximun ISAKMP session per peer?

anandacentral#sh crypto session remote x.x.x.x detail

Crypto session current status

Code: C - IKE Configuration mode, D - Dead Peer Detection

K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication

Interface: Loopback0

Session status: UP-ACTIVE

Peer: x.x.x.x port 500 fvrf: (none) ivrf: (none)

Phase1_id: x.x.x.x

Desc: (none)

IKE SA: local y.y.y.y/500 remote x.x.x.x/500 Active

Capabilities:(none) connid:2393 lifetime:23:25:17

IKE SA: local y.y.y.y/500 remote x.x.x.x/500 Active

Capabilities:(none) connid:2378 lifetime:23:20:57

IKE SA: local y.y.y.y/500 remote x.x.x.x/500 Active

Capabilities:(none) connid:2244 lifetime:23:15:47

IKE SA: local y.y.y.y/500 remote x.x.x.x/500 Active

Capabilities:(none) connid:2334 lifetime:23:10:35

IPSEC FLOW: permit ip 192.168.0.0/255.255.255.0 192.168.3.0/255.255.255.0

Active SAs: 2, origin: crypto map

Inbound: #pkts dec'ed 8480 drop 0 life (KB/Sec) 4390959/1518

Outbound: #pkts enc'ed 9687 drop 9 life (KB/Sec) 4390993/1518

thanks in advance

2 REPLIES
Silver

Re: unexpected ISAKMP sessions

Router(config-crypto-map)# set security-association idle-time 600

Specifies the maximum amount of time for which the current peer can be idle before the default peer is used.

New Member

Re: unexpected ISAKMP sessions

Thanks sbilgi but this command is not valid for my purposes. With this command i set the timeout for ipsec tunnel but my problem is with isakmp sessions, i have a lot of Active isakmp sessions and i don?t know how finish it.

320
Views
0
Helpful
2
Replies
CreatePlease login to create content