cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6605
Views
5
Helpful
4
Replies

ASR1001-X || CRYPTO-6-ISAKMP_MANUAL_DELETE || Crypto Message

netops044
Beginner
Beginner

Hi ,

 

We are running dynamic IPSEC VPN between spoke to DC .DC end IPSEC termination routers are ASR1001-X and spoke end ISR G2.

 

DC end routers are generating below logs message and someone help me to understand the same

 

Sep 14 18:06:53.014 IST: %CRYPTO-6-ISAKMP_MANUAL_DELETE: IKE SA manually deleted. Do 'clear crypto sa peer 172.16.13.182' to manually clear IPSec SA's covered by this IKE SA.
Sep 14 18:09:23.228 IST: %CRYPTO-6-ISAKMP_MANUAL_DELETE: IKE SA manually deleted. Do 'clear crypto sa peer 172.16.13.182' to manually clear IPSec SA's covered by this IKE SA.
Sep 14 18:10:05.760 IST: %CRYPTO-6-ISAKMP_MANUAL_DELETE: IKE SA manually deleted. Do 'clear crypto sa peer 172.16.13.182' to manually clear IPSec SA's covered by this IKE SA.

 

Thanks 

4 Replies 4

Flavio Miranda
Advisor
Advisor

Hello,

 This may be helpful:

 

Error Message    %CRYPTO-6-UNAVAILABLE: IKE SA manually deleted. Do 'clear crypto sa 
peer %s' to manually clear IPSec SA's covered by this IKE SA. 

Explanation    The IKE SA was deleted by user command. However, keepalives this connection are enabled, and IPSec SA's covered by this IKE SA still exist. Since this IKE SA is now deleted, these IPSec SA's have no IKE SA covering them. The recommended action is to manually delete this IPSec SA's.

Thanks for update !!!


So this is informational message and no service impact notification on this . How to stop/avoid triggering the syslog message.

 

Thanks,

 

As per the recommendation:  clear crypto sa peer "Remote Peer"

Dave!!!!!!
Beginner
Beginner

Uh, no Flavio. That is not correct.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers