cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
399
Views
5
Helpful
3
Replies

Multiple ISAKMP SA's are showing up

Ricky Sandhu
Beginner
Beginner

Hi everyone, I have router (spoke) that connects to two DMVPN hubs over 2 IPSEC tunnels. When I perform a show crypto isakmp sa command, I see multiple SAs to IP addresses that I don't recognize. I should only have two SA's (one to each DMVPN hub). Can anyone shed some light as to why these security associations with unknown IPs are showing up?

Thanks

1 Accepted Solution

Accepted Solutions

Latchum Naidu
Engager
Engager

Hi,

You will see that when you have a crypto map pointing to default network like below. This you need because when you are in DMVPN cloud then the spoke to spoke virtual tunnel must be established so that they can communicate directly without coming to HUB which is the main advantage in DMVPN technology.

crypto isakmp key xxxxxxxxxx address 0.0.0.0 0.0.0.0 no-xauth


Please rate the helpfull posts.
Regards,
Naidu.

View solution in original post

3 Replies 3

Latchum Naidu
Engager
Engager

Hi,

You will see that when you have a crypto map pointing to default network like below. This you need because when you are in DMVPN cloud then the spoke to spoke virtual tunnel must be established so that they can communicate directly without coming to HUB which is the main advantage in DMVPN technology.

crypto isakmp key xxxxxxxxxx address 0.0.0.0 0.0.0.0 no-xauth


Please rate the helpfull posts.
Regards,
Naidu.

Thank you Naidu. That explains it.

You are most welcome.

Please close "click on the correct answer" the case if this answered your query.

Please rate the helpfull posts.

Regards,

Naidu.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers