05-21-2015 03:10 AM
Hi all!
Why my router shows me 2 VPNs? Is it normal?
R1#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
10.10.0.5 10.10.0.2 QM_IDLE 1870 ACTIVE
10.10.0.2 10.10.0.5 QM_IDLE 1871 ACTIVE
Solved! Go to Solution.
05-21-2015 05:31 AM
For sake of clarity, this is showing you have two IKE sessions.
The situation can typically occur when:
1) Both sides initiate IKE session at the same time.
2) When one of the sides initiates an IKE SA rekey (every 24 hours by default).
Most of the time not a problem.
You should be checking whether your IPsec SAs are up and not flapping.
Enabling "crypto logging session" is probably a good way to have visibility.
05-21-2015 05:31 AM
For sake of clarity, this is showing you have two IKE sessions.
The situation can typically occur when:
1) Both sides initiate IKE session at the same time.
2) When one of the sides initiates an IKE SA rekey (every 24 hours by default).
Most of the time not a problem.
You should be checking whether your IPsec SAs are up and not flapping.
Enabling "crypto logging session" is probably a good way to have visibility.
05-23-2015 10:25 PM
Dear Marcin Latosiewicz,
Thank you for explanation!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide