09-02-2019 01:22 AM - edited 02-21-2020 09:44 PM
Dears,
i am having a problem that the VPN session keeps disconnecting and the following log message appears:
%CERM-4-TUNNEL_LIMIT: Maximum tunnel limit of 225 reached for Crypto functionality with securityk9 technology package license.
please find the show crypto eli brie below:
INT#sh crypto eli all
Hardware Encryption : ACTIVE
Number of crypto engines = 3
CryptoEngine IOSXE-ESP(9) details: state = Active
Capability : DES, 3DES, AES, GCM, GMAC, IPv6, GDOI, FAILCLOSE
IPSec-Session : 471 active, 10240 max, 0 failed
CryptoEngine Software Crypto Engine details: state = Active
Capability : IPPCP, DES, 3DES, AES, SEAL, GCM, GMAC, RSA, IPv6, GDOI, FAILCLOSE, HA
IKE-Session : 90 active, 10340 max, 0 failed
IKEv2-Session : 21 active, 10340 max, 0 failed
DH : 2 active, 5170 max, 0 failed
IPSec-Session : 0 active, 1000 max, 0 failed
SSL support : Yes
SSL versions : SSLv3.0, TLSv1.0, DTLSv1.0, DTLS-pre-rfc,
TLSv1.1, TLSv1.2
Max SSL connec: 1000
SSL namespace : 1
SSLv3.0 suites:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLSv1.0 suites:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
DTLSv1.0 suite:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
CryptoEngine act2 details: state = Active
Capability : RSA
Do i have to consider the HSEC license? any idea
thank you
09-02-2019 01:09 PM
Hi,
Yes, without the HSECK9 license, only 225 secure tunnels and 85 Mbps of crypto bandwidth would be available.
Reference here page 59.
HTH
09-02-2019 01:12 PM
thank you for the reply,
how to know how much bandwidth is reached and the exact number of tunnels
09-02-2019 01:38 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide