number of ipsec tunnel limitation

shacopka
Level 1

Hi,

 

I am following the doc below to build a phase 1 DMVPN network between 2 IR809 routers. The tunnel and ipsec look fine, and I checked the spec of the IR809, which states that it only supports 20 ipsec tunnels. So I just want to confirm: has the hub ir809 already consumed 2 ipsec tunnels, based on the command output below?

 

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/41940-dmvpn.html

 

demo809#show crypto eli
Hardware Encryption : ACTIVE
Number of hardware crypto engines = 1

CryptoEngine Onboard VPN details: state = Active
Capability : DES, 3DES, AES, GCM, GMAC, IPv6, GDOI, FAILCLOSE

IPSec-Session : 2 active, 256 max, 0 failed

 

demo809#show crypto ipsec sa count
IPsec SA total: 2, active: 2, rekeying: 0, unused: 0, invalid: 0

 

demo809#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel1, IPv4 NHRP Details
Type:Hub, NHRP Peers:1,

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 10.14.28.25         192.168.2.9    UP 23:21:27     D

 

demo809#show crypto isakmp sa count
Active ISAKMP SA's: 1
Standby ISAKMP SA's: 0
Currently being negotiated ISAKMP SA's: 0
Dead ISAKMP SA's: 0

 

Thanks!

 

 

1 Reply 1

Hello,

 

2 SAs are built, one inbound, and one outbound. The command:

 

show crypto ipsec sa

 

should show an 'inbound esp sas' and an 'outbound esp sas'.

 

You are using 1 tunnel.
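
An added example, not part of the original thread and not Cisco tooling: a Python script that applies the reply's rule (one inbound plus one outbound SA per tunnel) to pasted `show crypto` output and reports headroom against a tunnel limit. The function name `tunnel_usage`, the limit passed in by the caller (20 is the figure quoted in the question), and the reading of the crypto engine's session counter as a count of SAs are assumptions.

```python
import re

# Constructed sample: the relevant lines of the hub output quoted in the question.
SAMPLE = """\
IPSec-Session : 2 active, 256 max, 0 failed
IPsec SA total: 2, active: 2, rekeying: 0, unused: 0, invalid: 0
Active ISAKMP SA's: 1
"""

def _grab(pattern, text):
    """Return the first captured integer, or fail loudly if the line is absent."""
    m = re.search(pattern, text)
    if m is None:
        raise ValueError("expected line not found: " + pattern)
    return int(m.group(1))

def tunnel_usage(text, tunnel_limit):
    """Summarise IPsec tunnel consumption from pasted 'show crypto' output.

    tunnel_limit is supplied by the caller from the platform data sheet;
    it is not read from the device output.
    """
    active_sas = _grab(r"IPsec SA total:\s*\d+,\s*active:\s*(\d+)", text)
    engine = _grab(r"IPSec-Session\s*:\s*(\d+)\s+active", text)
    ike_sas = _grab(r"Active ISAKMP SA's:\s*(\d+)", text)

    # One tunnel = one inbound SA + one outbound SA, so pair them (round up).
    tunnels = (active_sas + 1) // 2
    warnings = []
    if active_sas % 2:
        warnings.append("odd SA count: SAs are not in inbound/outbound pairs")
    # Assumption: the engine counter counts SAs, as it does in the output above.
    if engine != active_sas:
        warnings.append("crypto engine session count differs from active SA count")
    if tunnels > tunnel_limit:
        warnings.append("tunnel count exceeds the stated platform limit")
    return {
        "active_sas": active_sas,
        "ike_sas": ike_sas,
        "tunnels": tunnels,
        "remaining": max(tunnel_limit - tunnels, 0),
        "warnings": warnings,
    }

if __name__ == "__main__":
    print(tunnel_usage(SAMPLE, tunnel_limit=20))
```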
