05-14-2018 07:32 AM - edited 03-12-2019 05:17 AM
Hi all,
We are trying to migrate 3000 Remote VPN Clients from the ASA5550 to the AWS Cloud, the ASAv30 allows only 750 clients and we found that the CSR can do this job. But we were only able to get 150,151 clients connecting in CSR, after that it returns an error: the hseck9 license is not available. Reason: 55.
With the command below, it shows that the CSR can make the maximum of 41058, how can we get this?
ip-172-30-0-40#show crypto eli all
Hardware Encryption : ACTIVE
Number of crypto engines = 2
CryptoEngine IOSXE-ESP(9) details: state = Active
Capability : DES, 3DES, AES, GCM, GMAC, IPv6, GDOI, FAILCLOSE
IPSec-Session : 300 active, 40958 max, 0 failed
CryptoEngine Software Crypto Engine details: state = Active
Capability : IPPCP, DES, 3DES, AES, SEAL, GCM, GMAC, RSA, IPv6, GDOI, FAILCLOSE, HA
IKE-Session : 151 active, 41058 max, 0 failed
IKEv2-Session : 0 active, 41058 max, 0 failed
DH : 0 active, 20529 max, 0 failed
IPSec-Session : 0 active, 1000 max, 0 failed
SSL support : Yes
SSL versions : SSLv3.0, TLSv1.0, DTLSv1.0, DTLS-pre-rfc,
TLSv1.1, TLSv1.2
Max SSL connec: 1000
SSL namespace : 1
05-14-2018 08:57 AM
I think It's this bug: CSCuy30460
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy30460/?rfs=iqvred
You need to upgrade to a fixed release.
HTH
Bogdan
05-14-2018 10:36 AM
05-15-2018 01:40 AM
Hi Alessandro,
I would try the latest 16.3 version, it is also a suggested version.
To be able to download you need to have a valid contract associated to your account.
You can contact your cisco partner to get that sorted out or you can request the image and they should be able to provide it.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: