03-07-2012 04:52 AM - edited 03-07-2019 05:24 AM
Hi everyone, I have router (spoke) that connects to two DMVPN hubs over 2 IPSEC tunnels. When I perform a show crypto isakmp sa command, I see multiple SAs to IP addresses that I don't recognize. I should only have two SA's (one to each DMVPN hub). Can anyone shed some light as to why these security associations with unknown IPs are showing up?
Thanks
Solved! Go to Solution.
03-07-2012 05:09 AM
Hi,
You will see that when you have a crypto map pointing to default network like below. This you need because when you are in DMVPN cloud then the spoke to spoke virtual tunnel must be established so that they can communicate directly without coming to HUB which is the main advantage in DMVPN technology.
crypto isakmp key xxxxxxxxxx address 0.0.0.0 0.0.0.0 no-xauth
Please rate the helpfull posts.
Regards,
Naidu.
03-07-2012 05:09 AM
Hi,
You will see that when you have a crypto map pointing to default network like below. This you need because when you are in DMVPN cloud then the spoke to spoke virtual tunnel must be established so that they can communicate directly without coming to HUB which is the main advantage in DMVPN technology.
crypto isakmp key xxxxxxxxxx address 0.0.0.0 0.0.0.0 no-xauth
Please rate the helpfull posts.
Regards,
Naidu.
03-08-2012 04:31 AM
Thank you Naidu. That explains it.
03-08-2012 04:53 AM
You are most welcome.
Please close "click on the correct answer" the case if this answered your query.
Please rate the helpfull posts.
Regards,
Naidu.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide