From: Merv on 24 Apr 2008 09:58

On Apr 24, 9:20 am, GT <ipco...(a)gotadsl.co.uk> wrote:
> On Apr 24, 2:02 pm, Merv <merv.hr...(a)rogers.com> wrote:
>
> > If the RRI created routes are still there after the IPSEC SA for the
> > peer expires then that is a bug
>
> > Check that the IPSEC SA's are being removed after the VPN client
> > disconnects
>
> ipsec SA's are being removed such that they do not appear in 'show
> crypto ipsec sa'
>
> however, what is 'interesting' is that the peers that should no longer
> be valid seem to be retained perhaps in the SA table ? such that they
> are listed (but with no spi, transform etc ..) in the output of;
>
> 'show crypto ipsec sa address'.
>
> this indicates to me that perhaps they are not in fact being 'purged'
> from the SA table ?,

If you have SmartNet on the unit, then suggest you open a case with the Cisco TAC