Limit Max Number of IKEv1 IPSEC Managers within a Context

Feature Summary and Revision History

Summary Data

Applicable Product(s) or Functional Area

IPSec

Applicable Platform(s)

ASR 5500

Feature Default

Disabled – Configuration Required

Related Changes in This Release

Not applicable

Related Documentation

  • Command Line Interface Reference

  • IPSec Administration Guide

Revision History

Revision Details

Release

First introduced.

21.9.4

Feature Changes

If the maximum number of IKEV1 IPSec managers are already spawned in the system, then a new context with crypto map cannot be added as crypto map in a new context requires a new IPSec manager. A new CLI is introduced to limit the spawning of IKEv1 IPSec managers within a context so that the customer can limit the number of IPSec managers in each existing context and manage the spawning of new IPSec managers in new context if required later.

Previous Behavior: Any number of number of IPSec managers can be spawned within a context (depends on how many crypto maps are configured).

New Behavior: New CLI limit ipsecmgr ikev1 max enables to limit number of IPSec managers within a context.

Customer Impact: Flexibility to manage resources under multiple contexts and avoid the situation where no more crypto maps are available to add in the system when new context is added.


Important

This feature works only when require crypto ikev1-acl software (Software Datapath feature) is enabled at Global Configuration Mode.

Command Changes

This section describes the CLI configuration required to enable limiting of IPSec managers spawning within a context.

limit ipsecmgr ikev1 max

Use the following configuration to limit the parameter for this context. 

configure  
   context context_name  
      limit ipsecmgr ikev1 maxmax_value  
      default limit ipsecmgr ikev1 max 
      end

NOTES:

  • default : Sets/Restores default value assigned for specified parameter.

  • limit : Limits the parameter for this context.

  • ipsecmgr : To limit ipsecmgr manager settings.

  • ikev1 : Specifies IKEv1 tasks.

  • max max_value : Specifies maximum ipsecmgr IKEv1 tasks. max_value must be an integer from 1 to 176.