cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
613
Views
5
Helpful
2
Replies

Command show crypto isakmp sa shows 2 VPNs

David Kleberson
Level 1
Level 1

Hi all!

Why my router shows me 2 VPNs? Is it normal?

R1#show crypto isakmp sa

IPv4 Crypto ISAKMP SA
   dst                  src             state            conn-id   status
10.10.0.5      10.10.0.2      QM_IDLE           1870 ACTIVE
10.10.0.2      10.10.0.5      QM_IDLE           1871 ACTIVE

 

1 Accepted Solution

Accepted Solutions

Marcin Latosiewicz
Cisco Employee
Cisco Employee

For sake of clarity, this is showing you have two IKE sessions. 

The situation can typically occur when: 

1) Both sides initiate IKE session at the same time. 

2) When one of the sides initiates an IKE SA rekey (every 24 hours by default). 

Most of the time not a problem. 

You should be checking whether your IPsec SAs are up and not flapping. 

Enabling "crypto logging session" is probably a good way to have visibility. 

 

 

 

View solution in original post

2 Replies 2

Marcin Latosiewicz
Cisco Employee
Cisco Employee

For sake of clarity, this is showing you have two IKE sessions. 

The situation can typically occur when: 

1) Both sides initiate IKE session at the same time. 

2) When one of the sides initiates an IKE SA rekey (every 24 hours by default). 

Most of the time not a problem. 

You should be checking whether your IPsec SAs are up and not flapping. 

Enabling "crypto logging session" is probably a good way to have visibility. 

 

 

 

Dear Marcin Latosiewicz,

Thank you for explanation!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: