i have posted issue what i think is related previously under subject with 'reverse route injection'
relates i think to the maintenance of the IPSEC SA's for peers that in fact are cisco vpn clients (windows xp).
even though VPN client connections are no longer valid, it seems the IOS (12.4) router is maintaining entries in the SA table, such that the peer addresses are listed in the output from;
"show crypto ipsec sa detail "
However no such entry appears in "show crypto ipsec sa"
is this in fact indication of the SA still being maintained or have i misinterprted ??
if the former, then is it perhaps a matter of configuring of the 'idle-timer' ?, to purge these SA's even though the other timers are obviously exceeded ?
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.