leftover entries in crypto ipsec sa

Discussion in 'Cisco' started by Rob, Jun 10, 2013.

  1. Rob

    Rob Guest

    I have a Cisco 1811 running IOS 15.1(4)M4

    It has both static (crypto map vpn) entries and temporary
    entries created by L2TP/IPsec users calling in from Windows XP.

    When I use "show crypto ipsec sa" I see the static entries,
    the dynamic entries active at that time, but also after the
    router has been up for some time I see more and more entries
    that are no longer in use but still are in that output.

    The "show crypto ipsec sa" output already is formatted in an
    unclear way (should have been an overview table and an additional
    command to request detail of a specific entry), but this accumulating
    garbage does not make it easier to find an entry I am looking for.

    The virtual interfaces of the leftover entries are long gone, but
    apparently this does not always clear the ipsec association entries.
    (it does not accumulate all entries, maybe only those that terminate
    with some specific failure condition)

    Is there a way to cleanup the table without a reload, or to fix
    this problem altogether?
     
    Rob, Jun 10, 2013
    #1
    1. Advertising

  2. Rob

    Rob Guest

    Is this newsgroup now only for "we buy cisco" spam?
    Is there a new place where technical topics are discussed?
     
    Rob, Jun 20, 2013
    #2
    1. Advertising

  3. Rob wrote:

    > Is this newsgroup now only for "we buy cisco" spam?


    It's certainly looking that way. There isn't much traffic
    here these days and the spammers have multiplied lately.

    > Is there a new place where technical topics are discussed?


    You might try out Cisco's TechZone:

    https://supportforums.cisco.com/community/netpro/security/vpn

    --
    Rgds,
    Martin
     
    Martin Gallagher, Jun 21, 2013
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rod
    Replies:
    0
    Views:
    3,821
  2. He Ming
    Replies:
    0
    Views:
    4,134
    He Ming
    Jul 13, 2004
  3. John Ramsden
    Replies:
    0
    Views:
    1,043
    John Ramsden
    Jul 24, 2004
  4. Ike Milligan

    WIn XP leftover fax seems to try dialing out

    Ike Milligan, May 13, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    603
    Ike Milligan
    May 13, 2004
  5. John Navas

    Leftover thriftiness from you film days?

    John Navas, Jan 21, 2008, in forum: Digital Photography
    Replies:
    69
    Views:
    1,430
    Robert Coe
    Jan 24, 2008
Loading...

Share This Page