Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
426
Views
1
Helpful
2
Replies

IKEv2 protection mechanisms

iores
Level 1
Level 1

‎04-16-2023 11:01 AM

Hi,

what is the difference between these to commands lines:

 

crypto ikev2 limit max-in-negotiation-sa 6 outgoing

crypto ikev2 limit max-in-negotiation-sa 6

 

 Thank you!

Labels:
2 Replies 2

Rob Ingram
VIP
VIP

‎04-16-2023 11:13 AM

@iores

crypto ikev2 limit max-in-negotiation-sa 6 = allowed limit of incoming SA requests to the router. This appears to be the same if you append "incoming" to the end of the command.

crypto ikev2 limit max-in-negotiation-sa 6 outgoing = allowed limited of outgoing SA requests from the router.

You can see the configured (or default) in/out SA limits using the command show crypto ikev2 stats

0 Helpful

MHM Cisco World
VIP
VIP

‎04-16-2023 12:30 PM

this is for CAC of IPSec 
Call Admission Control for IKE (cisco.com)

CAC is control of IPsec.

0 Helpful
Customers Also Viewed These Support Documents