IKE/4/IKE_IPSEC_SA_EXIST_WITH_OTHER_PEER

Message

IKE/4/IKE_IPSEC_SA_EXIST_WITH_OTHER_PEER: IPsec SA already existed for flow with other peer. (FlowSrcIP=[SrcIP], FlowDstIP=[DstIP], VRF=[VRF], OldPeerIP=[OldPeerIP], NewPeerIP=[NewPeerIP])

In VS mode, this log is supported only by the admin VS.

Description

An IPsec SA had been created for the flow by other peers.

Parameters

Parameter Name Parameter Meaning

SrcIP

Source IP address

DstIP

Destination IP address

VRF

Name of a VPN instance

OldPeerIP

IP address of the old peer

NewPeerIP

IP address of the new peer

Possible Causes

An ACL rule was configured for multiple peers on the IKE initiator. Only a profile was configured on the IKE responder, and the ACL rule bound to the profile matched the ACL rule on the IKE initiator. After multiple flows with the same source but different destinations were sent, only one IPsec SA could be created for these flows.

Procedure

  • Check whether the IKE-related ACL rule configurations are correct.
  • Collect log information and configuration information, and then contact technical support personnel.
Parent Topic: IKE
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >