05-21-2015 03:10 AM
Hi all!
Why my router shows me 2 VPNs? Is it normal?
R1#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
10.10.0.5 10.10.0.2 QM_IDLE 1870 ACTIVE
10.10.0.2 10.10.0.5 QM_IDLE 1871 ACTIVE
Solved! Go to Solution.
05-21-2015 05:31 AM
For sake of clarity, this is showing you have two IKE sessions.
The situation can typically occur when:
1) Both sides initiate IKE session at the same time.
2) When one of the sides initiates an IKE SA rekey (every 24 hours by default).
Most of the time not a problem.
You should be checking whether your IPsec SAs are up and not flapping.
Enabling "crypto logging session" is probably a good way to have visibility.
05-21-2015 05:31 AM
For sake of clarity, this is showing you have two IKE sessions.
The situation can typically occur when:
1) Both sides initiate IKE session at the same time.
2) When one of the sides initiates an IKE SA rekey (every 24 hours by default).
Most of the time not a problem.
You should be checking whether your IPsec SAs are up and not flapping.
Enabling "crypto logging session" is probably a good way to have visibility.
05-23-2015 10:25 PM
Dear Marcin Latosiewicz,
Thank you for explanation!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: