leftover entries in crypto ipsec sa

I have a Cisco 1811 running IOS 15.1(4)M4.

It has both static (crypto map vpn) entries and temporary entries created by L2TP/IPsec users calling in from Windows XP.

When I use "show crypto ipsec sa" I see the static entries, the dynamic entries active at that time, but also after the router has been up for some time I see more and more entries that are no longer in use but still are in that output.

The "show crypto ipsec sa" output already is formatted in an unclear way (should have been an overview table and an additional command to request detail of a specific entry), but this accumulating garbage does not make it easier to find an entry I am looking for.

The virtual interfaces of the leftover entries are long gone, but apparently this does not always clear the IPsec association entries. (It does not accumulate all entries, maybe only those that terminate with some specific failure condition.)

Is there a way to clean up the table without a reload, or to fix this problem altogether?


Is this newsgroup now only for "we buy cisco" spam? Is there a new place where technical topics are discussed?


It's certainly looking that way. There isn't much traffic here these days and the spammers have multiplied lately.

You might try out Cisco's TechZone:

formatting link

Martin Gallagher
