IPSEC building multiple Security associations

Maxim35 · ‎05-11-2022

Hi guys im having a problem with a VPN sec connection i have created between a cisco router and sophos firewall. For phase 1 and 2 its forming multiple SAs with different session IDs and they all show they are active. What could be the cause of this?

I have tried clearing them but they still regenerating themselves see below example.

196.11.190.250 197.248.10.90 QM_IDLE 1439 ACTIVE
196.11.190.250 197.248.10.90 QM_IDLE 1383 ACTIVE
196.11.190.250 197.248.10.90 QM_IDLE 1344 ACTIVE
196.11.190.250 197.248.10.90 QM_IDLE 1296 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 1211 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 1197 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 1186 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 33059 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 33042 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 33006 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 32983 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 32962 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 32725 ACTIVE

MHM Cisco World · ‎05-11-2022

can you share the config of router IPSec

ankuj · ‎05-11-2022

Along with the configuration as requested previously, also share the complete output of “show crypto ipsec sa”