Unable to remove crypto session.

Discussion in 'Cisco' started by mytempo, Sep 5, 2009.

  1. mytempo

    I am using a few 1812 routers to run GRE IPSec tunnels with ipsec tunnel mode between the central and branch offices.

    It had been running smoothly for more than a year, until 2 days ago, when the 1812J at the central office suddenly froze all IPSEC sessions. I had to remove ipsec tunnel mode on all GRE tunnels in order to get the network back to life.

    I have tried to clear all crypto sessions and nothing seems to work, even after I removed all crypto related commands. I am still seeing 'phantom' sessions stuck in the router. Is there any way to flush out these crypto sessions w/o reloading the router?

    Thx

    Richard

    ==== after deleting all crypto commands, these still remain in the router ====

    Router#sh crypto session
    Crypto session current status

    Interface: Tunnel1
    Session status: UP-IDLE
    Peer: bbb.bbb.bbb.bbb port 500
    IKE SA: local aaa.aaa.aaa.aaa/500 remote bbb.bbb.bbb.bbb/500 Active

    Interface: Tunnel8
    Session status: DOWN-NEGOTIATING
    Peer: ccc.ccc.ccc.ccc port 500
    IKE SA: local aaa.aaa.aaa.aaa/500 remote ccc.ccc.ccc.ccc/500 Inactive

    Interface: FastEthernet0
    Session status: UP-IDLE
    Peer: bbb.bbb.bbb.bbb port 500
    IKE SA: local aaa.aaa.aaa.aaa/500 remote bbb.bbb.bbb.bbb/500 Active

    Interface: Tunnel3
    Session status: DOWN-NEGOTIATING
    Peer: ddd.ddd.ddd.ddd port 500
    IKE SA: local aaa.aaa.aaa.aaa/500 remote ddd.ddd.ddd.ddd/500 Inactive

    HRMSC-TYO#sh crypto engine connections active
    Crypto Engine Connections

    ID    Interface  Type  Algorithm  Encrypt  Decrypt  IP-Address
    2207  Fa0        IKE   SHA+AES    0        0        aaa.aaa.aaa.aaa
    2208  Tu1        IKE   SHA+AES    0        0        aaa.aaa.aaa.aaa
    2209  Fa0        IKE   SHA+AES    0        0        aaa.aaa.aaa.aaa
    2210  Fa0        IKE   SHA+AES    0        0        aaa.aaa.aaa.aaa
    2211  Tu6        IKE   SHA+AES    0        0        aaa.aaa.aaa.aaa
     
    mytempo, Sep 5, 2009
    #1
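
A small parser for the `show crypto session` output quoted in the post, added here as an illustration and not part of the original post: it lists sessions that hold an IKE SA but no IPsec flow, and peers that appear under more than one interface. The sample text is constructed from the post's first three entries (placeholder addresses kept); the `IPSEC FLOW:` line prefix is an assumption based on typical IOS output, which the post does not show.

```python
# Constructed sample: the first three entries of the post's output.
SAMPLE = """\
Crypto session current status

Interface: Tunnel1
Session status: UP-IDLE
Peer: bbb.bbb.bbb.bbb port 500
IKE SA: local aaa.aaa.aaa.aaa/500 remote bbb.bbb.bbb.bbb/500 Active

Interface: Tunnel8
Session status: DOWN-NEGOTIATING
Peer: ccc.ccc.ccc.ccc port 500
IKE SA: local aaa.aaa.aaa.aaa/500 remote ccc.ccc.ccc.ccc/500 Inactive

Interface: FastEthernet0
Session status: UP-IDLE
Peer: bbb.bbb.bbb.bbb port 500
IKE SA: local aaa.aaa.aaa.aaa/500 remote bbb.bbb.bbb.bbb/500 Active
"""

def parse_sessions(text):
    """Split 'show crypto session' output into one dict per Interface block."""
    sessions, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Interface:"):
            cur = {"interface": line.split(":", 1)[1].strip(), "status": None,
                   "peer": None, "ike_sas": [], "ipsec_flows": 0}
            sessions.append(cur)
        elif cur is None:
            continue  # banner lines before the first block
        elif line.startswith("Session status:"):
            cur["status"] = line.split(":", 1)[1].strip()
        elif line.startswith("Peer:"):
            cur["peer"] = line.split(":", 1)[1].split()[0]
        elif line.startswith("IKE SA:"):
            cur["ike_sas"].append(line.split()[-1])  # trailing Active / Inactive
        elif line.startswith("IPSEC FLOW:"):  # assumed prefix, not shown in the post
            cur["ipsec_flows"] += 1
    return sessions

def ike_only(sessions):
    """Sessions that hold an IKE SA but carry no IPsec flow."""
    return [s for s in sessions if s["ike_sas"] and s["ipsec_flows"] == 0]

def peers_on_multiple_interfaces(sessions):
    """Peers listed under more than one interface."""
    seen = {}
    for s in sessions:
        seen.setdefault(s["peer"], []).append(s["interface"])
    return {p: i for p, i in seen.items() if len(i) > 1}
```
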