Steven Surdock wrote:
> Greetings,
>
> I have an isakmpd process that's not letting go of old SADs.  While it
> doesn't seem to be causing issues with the tunnels, it is causing higher
> than normal system utilization.  It seems to be occurring on the tunnels
> which have multiple subnets defined (e.g. VPNA and VPNB, but not VPNC).
> Any insight would be appreciated.
>
> fw1$ sudo ipsecctl -sa |grep tunnel |wc
>       24     312    2184
> fw1$ sudo ipsecctl -sa |grep tunnel |wc
>       32     416    2890
> fw1$ sudo ipsecctl -sa |grep tunnel |wc
>       36     468    3258
> fw1$ sudo ipsecctl -sa |grep tunnel |wc
>       58     754    5212

It's getting out of control.  I should only have about 18 SAD entries...

[EMAIL PROTECTED] ipsecctl -sa |grep tunn|wc
    1214   15782  107964

Any insight would be appreciated.

-Steve S.
