Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
845
Views
0
Helpful
3
Replies

Cisco CSR 1000v on AWS VPN limits

Alessandro Pereira
Level 1
Level 1

‎05-14-2018 07:32 AM - edited ‎03-12-2019 05:17 AM

Hi all,

 

We are trying to migrate 3000 Remote VPN Clients from the ASA5550 to the AWS Cloud, the ASAv30 allows only 750 clients and we found that the CSR can do this job. But we were only able to get 150,151 clients connecting in CSR, after that it returns an error: the hseck9 license is not available. Reason: 55.

 

With the command below, it shows that the CSR can make the maximum of 41058, how can we get this?

 

ip-172-30-0-40#show crypto eli all

Hardware Encryption : ACTIVE

 Number of crypto engines = 2

 

 CryptoEngine IOSXE-ESP(9) details: state = Active

 Capability    : DES, 3DES, AES, GCM, GMAC, IPv6, GDOI, FAILCLOSE

 

 IPSec-Session :   300 active, 40958 max, 0 failed

 

 

 CryptoEngine Software Crypto Engine details: state = Active

 Capability    : IPPCP, DES, 3DES, AES, SEAL, GCM, GMAC, RSA, IPv6, GDOI, FAILCLOSE, HA

 

 IKE-Session   :   151 active, 41058 max, 0 failed

 IKEv2-Session :     0 active, 41058 max, 0 failed

 DH            :     0 active, 20529 max, 0 failed

 IPSec-Session :     0 active,  1000 max, 0 failed

 SSL support   : Yes

 SSL versions  : SSLv3.0, TLSv1.0, DTLSv1.0, DTLS-pre-rfc,

                TLSv1.1, TLSv1.2

 Max SSL connec: 1000

 SSL namespace : 1

 

Labels:
0 Helpful
3 Replies 3

Bogdan Nita
VIP Alumni
VIP Alumni

‎05-14-2018 08:57 AM

I think It's this bug: CSCuy30460

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy30460/?rfs=iqvred

You need to upgrade to a fixed release.

 

HTH

Bogdan

0 Helpful

Alessandro Pereira
Level 1
Level 1
In response to Bogdan Nita

‎05-14-2018 10:36 AM

Thanks Bogdan,

For which version should I upgrade? I'm running 16.07.01a and theres no upgrade or fix to this version, and I try to downgrade to 16.05.03 but theres no way to download... Any help?
0 Helpful

Bogdan Nita
VIP Alumni
VIP Alumni
In response to Alessandro Pereira

‎05-15-2018 01:40 AM

Hi Alessandro,

I would try the latest 16.3 version, it is also a suggested version.

To be able to download you need to have a valid contract associated to your account.

You can contact your cisco partner to get that sorted out or you can request the image and they should be able to provide it.

0 Helpful
Customers Also Viewed These Support Documents