
Even though we have configured 112 aggressive mode IPSec tunnels, the router's “show platform software cerm-information” shows we have 224 tunnels and is not allowing us to configure new tunnels

ranjit123
Level 3

Hello All,

I am using a Cisco 4331 with Sec k9.

Even though we have configured 112 aggressive mode IPSec tunnels, the router's “show platform software cerm-information” shows we have 224 tunnels and is not allowing us to configure new tunnels.

<Router># show platform software cerm-information
Crypto Export Restrictions Manager(CERM) Information:
CERM functionality: ENABLED

----------------------------------------------------------------
Resource                       Maximum Limit           Available
----------------------------------------------------------------
Tx Bandwidth(in kbps)          85000                   D
Rx Bandwidth(in kbps)          85000                   D
Number of tunnels              225                     1
Number of TLS sessions         1000                    1000

Resource reservation information:
D - Dynamic
-----------------------------------------------------------------------
Client         Tx Bandwidth    Rx Bandwidth    Tunnels    TLS Sessions
                 (in kbps)       (in kbps)
-----------------------------------------------------------------------
VOICE           0               0                0         0
IPSEC           D               D                224       N/A <-------------- How does the router show 224 tunnels when I have only 1112 tunnels on the router
SSLVPN          D               D                0         N/A                     for every site it shows in the log it uses 2 tunnels

Statistics information:
Failed tunnels     : 420
Failed sessions    : 0
Failed tx bandwidth: 0
Failed rx bandwidth: 0
Failed encrypt pkts: 0
Failed decrypt pkts: 0
Failed encrypt pkt bytes: 0
Failed decrypt pkt bytes: 0
Passed encrypt pkts: 0
Passed decrypt pkts: 0
Passed encrypt pkt bytes: 0
Passed decrypt pkt bytes: 0

We are getting the errors below:

*Mar 22 11:48:40.025 UTC: %CERM-4-TUNNEL_LIMIT: Maximum tunnel limit of 225 reached for Crypto functionality with securityk9 technology package license.

Currently we are using the licenses below on the router:

<Router> #show license
Index 1 Feature: appxk9
        Period left: Not Activated
        Period Used: 0  minute  0  second
        License Type: EvalRightToUse
        License State: Active, Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 2 Feature: uck9
        Period left: Not Activated
        Period Used: 0  minute  0  second
        License Type: EvalRightToUse
        License State: Active, Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 3 Feature: securityk9
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Medium
Index 4 Feature: ipbasek9
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Medium
Index 5 Feature: FoundationSuiteK9
        Period left: Not Activated
        Period Used: 0  minute  0  second
        License Type: EvalRightToUse
        License State: Active, Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 6 Feature: AdvUCSuiteK9
        Period left: Not Activated
        Period Used: 0  minute  0  second
        License Type: EvalRightToUse
        License State: Active, Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 7 Feature: cme-srst
        Period left: Not Activated
        Period Used: 0  minute  0  second
        License Type: EvalRightToUse
        License State: Active, Not in Use, EULA not accepted
        License Count: 0/0  (In-use/Violation)
        License Priority: None
Index 8 Feature: hseck9
Index 9 Feature: throughput
        Period left: Not Activated
        Period Used: 0  minute  0  second
        License Type: EvalRightToUse
        License State: Active, Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 10 Feature: internal_service

Do I require an HSEC license to solve this issue? And will an HSEC license work in this scenario?

Regards,

Ranjit


ranjit123
Level 3

Resolved; it was a license issue.
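
Added example, not part of the original thread or Cisco's tooling: a small Python parser for the `show platform software cerm-information` output posted above, comparing CERM's tunnel accounting with the number of peers the operator configured and flagging when the limit is nearly exhausted. The `configured_peers` and `warn_free` parameters are assumptions supplied by the caller, not fields of the router output.

```python
import re

# Excerpt of the CERM output posted above (blank lines and the poster's
# inline annotation removed); the values are the thread's own.
SAMPLE = """\
Number of tunnels              225                     1
Number of TLS sessions         1000                    1000
Client         Tx Bandwidth    Rx Bandwidth    Tunnels    TLS Sessions
VOICE           0               0                0         0
IPSEC           D               D                224       N/A
SSLVPN          D               D                0         N/A
Failed tunnels     : 420
"""

def parse_cerm(text):
    """Extract the tunnel limit, free slots, per-client counts and failures."""
    info = {"clients": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"Number of tunnels\s+(\d+)\s+(\d+)$", line):
            info["limit"], info["available"] = int(m[1]), int(m[2])
        elif m := re.match(r"(VOICE|IPSEC|SSLVPN)\s+\S+\s+\S+\s+(\d+)\s+\S+", line):
            info["clients"][m[1]] = int(m[2])
        elif m := re.match(r"Failed tunnels\s*:\s*(\d+)$", line):
            info["failed_tunnels"] = int(m[1])
    return info

def assess(info, configured_peers, warn_free=10):
    """Compare CERM's accounting with the operator's own peer count.

    configured_peers and warn_free are assumptions supplied by the caller;
    they are not fields of the router output.
    """
    if configured_peers <= 0:
        raise ValueError("configured_peers must be positive")
    used = info["limit"] - info["available"]
    per_peer = info["clients"].get("IPSEC", 0) / configured_peers
    return {
        "used": used,
        # True when the per-client reservations add up to the slots in use.
        "accounted_for": sum(info["clients"].values()) == used,
        "per_peer": per_peer,
        # How many peers fit under the limit at the observed per-peer cost.
        "peers_that_fit": int(info["limit"] // per_peer) if per_peer else None,
        "near_limit": info["available"] <= warn_free,
        "rejections_seen": info.get("failed_tunnels", 0) > 0,
    }

if __name__ == "__main__":
    print(assess(parse_cerm(SAMPLE), configured_peers=112))
```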