cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
846
Views
0
Helpful
3
Replies

Cisco CSR 1000v on AWS VPN limits

Hi all,

 

We are trying to migrate 3000 Remote VPN Clients from the ASA5550 to the AWS Cloud, the ASAv30 allows only 750 clients and we found that the CSR can do this job. But we were only able to get 150,151 clients connecting in CSR, after that it returns an error: the hseck9 license is not available. Reason: 55.

 

With the command below, it shows that the CSR can make the maximum of 41058, how can we get this?

 

ip-172-30-0-40#show crypto eli all

Hardware Encryption : ACTIVE

 Number of crypto engines = 2

 

 CryptoEngine IOSXE-ESP(9) details: state = Active

 Capability    : DES, 3DES, AES, GCM, GMAC, IPv6, GDOI, FAILCLOSE

 

 IPSec-Session :   300 active, 40958 max, 0 failed

 

 

 CryptoEngine Software Crypto Engine details: state = Active

 Capability    : IPPCP, DES, 3DES, AES, SEAL, GCM, GMAC, RSA, IPv6, GDOI, FAILCLOSE, HA

 

 IKE-Session   :   151 active, 41058 max, 0 failed

 IKEv2-Session :     0 active, 41058 max, 0 failed

 DH            :     0 active, 20529 max, 0 failed

 IPSec-Session :     0 active,  1000 max, 0 failed

 SSL support   : Yes

 SSL versions  : SSLv3.0, TLSv1.0, DTLSv1.0, DTLS-pre-rfc,

                TLSv1.1, TLSv1.2

 Max SSL connec: 1000

 SSL namespace : 1

 

3 Replies 3

Bogdan Nita
VIP Alumni
VIP Alumni

I think It's this bug: CSCuy30460

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy30460/?rfs=iqvred

You need to upgrade to a fixed release.

 

HTH

Bogdan

Thanks Bogdan,

For which version should I upgrade? I'm running 16.07.01a and theres no upgrade or fix to this version, and I try to downgrade to 16.05.03 but theres no way to download... Any help?

Hi Alessandro,

I would try the latest 16.3 version, it is also a suggested version.

To be able to download you need to have a valid contract associated to your account.

You can contact your cisco partner to get that sorted out or you can request the image and they should be able to provide it.