[ISSUE] IPSec Maximum Tunnel Group MS-ISA
Posted: 01 Jul 2015 03:31
Hi Everyone,
I found something different when I use Ipsec in 7750 SR12. When I check ISA Capability. Grp IPSec Max Tunnels : 16384
Buth WHen I tray to activate my 1371st tunnel, Alarm triggered like this
The IPsec configuration is like this
How to tuning the ipsec so it can reach 16384 per ISA?
Thanks
I found something different when I use Ipsec in 7750 SR12. When I check ISA Capability. Grp IPSec Max Tunnels : 16384
Code: Select all
B:7750SR12-LAB# show isa tunnel-group 1 detail
===============================================================================
ISA Tunnel Group Information
===============================================================================
Description : (Not Specified)
ISA Group : 1
Admin State : Up Oper State : Up
Responder-Only : false
Primary ISA : 2/2
Backup ISA : 0/0
Active ISAs : 2/2
Reassembly (msecs) : disabled ISA Chassis : 1
Oper Flags : (Not Specified)
Grp IPsec Tnls : 0 Grp IPsec Max Tnls : 16384
Grp IP Tunnels : 0 Grp IP Max Tunnels : 1024
===============================================================================
B:7750SR12-LAB# Buth WHen I tray to activate my 1371st tunnel, Alarm triggered like this
Code: Select all
*B:7750SR12-LAB>config>service>vprn>if>sap# ipsec-tunnel "remote-office-1371"
*B:7750SR12-LAB>config>service>vprn>if>sap>ipsec-tun# no shutdown
MINOR: SVCMGR #5106 Cannot enable the tunnel - Tunnel will exceed DPD budget for the IPsec GrpThe IPsec configuration is like this
Code: Select all
B:7750SR12-LAB>config>ipsec# info
----------------------------------------------
ike-policy 1 create
ipsec-lifetime 1200
isakmp-lifetime 2400
pfs
auth-algorithm md5
dpd interval 10 max-retries 5
exit
ipsec-transform 1 create
esp-auth-algorithm md5
esp-encryption-algorithm des
exit
----------------------------------------------Thanks