ipsec log

nicky123
Level 1

Hi,

I have this log below:

%CERM-4-TUNNEL_LIMIT: Maximum tunnel limit of 225 reached for Crypto functionality with securityk9 technology package license

Is it related to the below:

#show crypto ipsec sa count
IPsec SA total: 402, active: 74, rekeying: 0, unused: 328, invalid: 0

Why is there unused?

Thanks.

4 Replies

Are you using any L2TP/IPsec or client VPN?

ipsec

IPSec VPN S2S with per-host config

makes each host have its own SPI and exhausts your router.

Send me the IPSec config.

@nicky123 

Of your 402 SAs, 74 are actively encrypting and passing traffic; the 328 unused have 0 packets being sent over the tunnel and no inbound/outbound SAs.

By the looks of the error message you need the HSEC-K9 license if you need more than 225 active tunnels - although it would also depend on whether your hardware supports more than 225 tunnels.

This link provides more information:

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/118746-technote-isr-00.html