Solved: Multiple ISAKMP SA's are showing up

Ricky Sandhu · ‎03-07-2012

Hi everyone, I have router (spoke) that connects to two DMVPN hubs over 2 IPSEC tunnels. When I perform a show crypto isakmp sa command, I see multiple SAs to IP addresses that I don't recognize. I should only have two SA's (one to each DMVPN hub). Can anyone shed some light as to why these security associations with unknown IPs are showing up?

Thanks

Latchum Naidu · ‎03-07-2012

Hi,

You will see that when you have a crypto map pointing to default network like below. This you need because when you are in DMVPN cloud then the spoke to spoke virtual tunnel must be established so that they can communicate directly without coming to HUB which is the main advantage in DMVPN technology.

crypto isakmp key xxxxxxxxxx address 0.0.0.0 0.0.0.0 no-xauth

Please rate the helpfull posts.
Regards,
Naidu.

View solution in original post

Latchum Naidu · ‎03-07-2012

Hi,

You will see that when you have a crypto map pointing to default network like below. This you need because when you are in DMVPN cloud then the spoke to spoke virtual tunnel must be established so that they can communicate directly without coming to HUB which is the main advantage in DMVPN technology.

crypto isakmp key xxxxxxxxxx address 0.0.0.0 0.0.0.0 no-xauth

Please rate the helpfull posts.
Regards,
Naidu.

Ricky Sandhu · ‎03-08-2012

Thank you Naidu. That explains it.

Latchum Naidu · ‎03-08-2012

You are most welcome.

Please close "click on the correct answer" the case if this answered your query.

Please rate the helpfull posts.

Regards,

Naidu.