09-15-2017 04:58 AM - edited 03-12-2019 04:32 AM
Hi ,
We are running dynamic IPSEC VPN between spoke to DC .DC end IPSEC termination routers are ASR1001-X and spoke end ISR G2.
DC end routers are generating below logs message and someone help me to understand the same
Sep 14 18:06:53.014 IST: %CRYPTO-6-ISAKMP_MANUAL_DELETE: IKE SA manually deleted. Do 'clear crypto sa peer 172.16.13.182' to manually clear IPSec SA's covered by this IKE SA.
Sep 14 18:09:23.228 IST: %CRYPTO-6-ISAKMP_MANUAL_DELETE: IKE SA manually deleted. Do 'clear crypto sa peer 172.16.13.182' to manually clear IPSec SA's covered by this IKE SA.
Sep 14 18:10:05.760 IST: %CRYPTO-6-ISAKMP_MANUAL_DELETE: IKE SA manually deleted. Do 'clear crypto sa peer 172.16.13.182' to manually clear IPSec SA's covered by this IKE SA.
Thanks
09-15-2017 10:43 AM
Hello,
This may be helpful:
Error Message %CRYPTO-6-UNAVAILABLE: IKE SA manually deleted. Do 'clear crypto sa
peer %s' to manually clear IPSec SA's covered by this IKE SA.
Explanation The IKE SA was deleted by user command. However, keepalives this connection are enabled, and IPSec SA's covered by this IKE SA still exist. Since this IKE SA is now deleted, these IPSec SA's have no IKE SA covering them. The recommended action is to manually delete this IPSec SA's.
09-17-2017 08:49 PM
Thanks for update !!!
So this is informational message and no service impact notification on this . How to stop/avoid triggering the syslog message.
Thanks,
09-17-2017 09:14 PM
As per the recommendation: clear crypto sa peer "Remote Peer"
09-03-2020 11:13 AM
Uh, no Flavio. That is not correct.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: