Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
732
Views
5
Helpful
2
Replies

IPSEC building multiple Security associations

Maxim35
Level 1
Level 1

‎05-11-2022 11:41 AM

Hi guys im having a problem with a VPN sec connection i have created between a cisco router and sophos firewall. For phase 1 and 2 its forming multiple SAs with different session IDs and they all show they are active. What could be the cause of this?

I have tried clearing them but they still regenerating themselves see below example.

196.11.190.250 197.248.10.90 QM_IDLE 1439 ACTIVE
196.11.190.250 197.248.10.90 QM_IDLE 1383 ACTIVE
196.11.190.250 197.248.10.90 QM_IDLE 1344 ACTIVE
196.11.190.250 197.248.10.90 QM_IDLE 1296 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 1211 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 1197 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 1186 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 33059 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 33042 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 33006 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 32983 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 32962 ACTIVE
197.11.190.250 197.248.10.90 QM_IDLE 32725 ACTIVE

Labels:
2 Replies 2

MHM Cisco World
VIP
VIP

‎05-11-2022 11:48 AM

can you share the config of router IPSec

0 Helpful

ankuj
Cisco Employee
Cisco Employee

‎05-11-2022 10:21 PM

Along with the configuration as requested previously, also share the complete output of “show crypto ipsec sa”

0 Helpful
Customers Also Viewed These Support Documents