amigan_99
Clearing crypto sessions failing
Below is a snippet of sho crypto session on a DMVPN router. Although the status of the session is down, I can't get these entries to disappear from the router. I've tried "clear crypto session 16.19.250.27" and "clear crypto sa peer 16.19.250.27". Yet these keep showing up like a zombie. What's going on with this?
Interface: GigabitEthernet0/0
Session status: DOWN
Peer: 16.19.250.27 port 500
IPSEC FLOW: permit ip 10.1.48.0/255.255.254.0 10.5.127.0/255.255.255.0
Active SAs: 0, origin: crypto map
IPSEC FLOW: permit ip 10.1.42.0/255.255.254.0 10.5.127.0/255.255.255.0
Active SAs: 0, origin: crypto map
IPSEC FLOW: permit ip 10.1.40.0/255.255.254.0 10.5.127.0/255.255.255.0
Active SAs: 0, origin: crypto map
Interface: GigabitEthernet0/0
Session status: DOWN
Peer: 16.19.250.27 port 500
IPSEC FLOW: permit ip 10.1.48.0/255.255.254.0 10.5.127.0/255.255.255.0
Active SAs: 0, origin: crypto map
IPSEC FLOW: permit ip 10.1.42.0/255.255.254.0 10.5.127.0/255.255.255.0
Active SAs: 0, origin: crypto map
IPSEC FLOW: permit ip 10.1.40.0/255.255.254.0 10.5.127.0/255.255.255.0
Active SAs: 0, origin: crypto map
I'd say you've not removed the crypto config from your router. The output seems to indicate that your router has config telling it what your encryption domains are.
Clearing the sessions will only tear them down, but if the config remains they will try to establish again.
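
Added example, not part of either post: a Python parser for the show crypto session output format quoted in the question. It counts, per peer, the DOWN entries whose flows all show 0 active SAs with origin crypto map, which is the pattern the answer attributes to crypto map configuration still present on the router. The sample text is constructed (the Tunnel0 session and its addresses are invented), and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample modelled on the output in the question; the Tunnel0
# session and the 192.0.2.x / 198.51.100.x addresses are invented.
SAMPLE = """\
Interface: GigabitEthernet0/0
Session status: DOWN
Peer: 16.19.250.27 port 500
IPSEC FLOW: permit ip 10.1.48.0/255.255.254.0 10.5.127.0/255.255.255.0
Active SAs: 0, origin: crypto map
Interface: Tunnel0
Session status: UP-ACTIVE
Peer: 192.0.2.10 port 500
IPSEC FLOW: permit 47 host 198.51.100.1 host 192.0.2.10
Active SAs: 2, origin: crypto map
Interface: GigabitEthernet0/0
Session status: DOWN
Peer: 16.19.250.27 port 500
IPSEC FLOW: permit ip 10.1.48.0/255.255.254.0 10.5.127.0/255.255.255.0
Active SAs: 0, origin: crypto map
"""

def parse_sessions(text):
    """Return one dict per 'Interface:' block of show crypto session output."""
    sessions = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Interface:"):
            sessions.append({"status": None, "peer": None, "flows": []})
        elif not sessions:
            continue  # ignore anything before the first session block
        elif line.startswith("Session status:"):
            sessions[-1]["status"] = line.split(":", 1)[1].strip()
        elif (m := re.match(r"Peer: (\S+) port \d+", line)):
            sessions[-1]["peer"] = m.group(1)
        elif line.startswith("IPSEC FLOW:"):
            # Each flow is [selector, active SAs, origin]; the next line fills the last two.
            sessions[-1]["flows"].append([line.split(":", 1)[1].strip(), None, None])
        elif (m := re.match(r"Active SAs: (\d+), origin: (.+)", line)) and sessions[-1]["flows"]:
            sessions[-1]["flows"][-1][1:] = [int(m.group(1)), m.group(2).strip()]
    return sessions

def config_backed_down_entries(sessions):
    """Count, per peer, DOWN entries whose flows all have 0 SAs and crypto map origin."""
    hits = Counter()
    for s in sessions:
        idle = all(sas == 0 and origin == "crypto map" for _, sas, origin in s["flows"])
        if s["status"] == "DOWN" and s["flows"] and idle:
            hits[s["peer"]] += 1
    return dict(hits)
```

A peer reported here is one whose flow selectors should be compared against the crypto map and its ACL in the running configuration.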