Cisco Packet Data Gateway (PDG)
max-childsa
Defines a soft limit for the number of child Security Associations (SAs) per IKEv2 policy.
Product
All products supporting IPSecv2
Privilege
Security Administrator
Syntax Description
max-childsa integer [ overload-action { ignore | terminate } ]
max-childsa integer
Specifies a soft limit for the maximum number of Child SAs per IKEv2 policy as an integer from 1 to 4 for
releases prior to 15.0, or 1 to 5 for 15.0 and higher. Default = 2.
overload-action { ignore | terminate }
Specifies the action to be taken when the specified soft limit for the maximum number of Child SAs is reached.
The options are:
• ignore: The IKEv2 stack ignores the specified soft limit for Child SAs.
• terminate: The IKEv2 stack rejects any new Child SAs if the specified soft limit is reached.
Usage Guidelines
Two maximum Child SA values are maintained per IKEv2 policy. The first is a system-enforced maximum
value, which is four Child SAs per IKEv2 policy. The second is a configurable soft maximum value, which
can be a value between one and four. This command defines the soft limit for the maximum number of Child
SAs per IKEv2 policy.
Examples
The following command specifies a soft limit of four Child SAs with the overload action of terminate.
max-childsa 4 overload-action terminate
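As an added example (not part of the Cisco reference), the following Python check audits max-childsa lines against the syntax and ranges documented above. It flags values outside the documented range for the given release and lines where the soft limit is not enforced. The sample lines, the function names and the (major, minor) release tuple are assumptions made for illustration.

```python
import re

# Documented syntax: max-childsa integer [ overload-action { ignore | terminate } ]
LINE_RE = re.compile(r"^\s*max-childsa\s+(\S+)(?:\s+overload-action\s+(\S+))?\s*$")

# Constructed sample input: only the max-childsa lines of a hypothetical config.
SAMPLE = """\
max-childsa 4 overload-action terminate
max-childsa 5 overload-action terminate
max-childsa 2 overload-action ignore
max-childsa 3
max-childsa 0 overload-action terminate
max-childsa 2 overload-action drop
"""

def upper_bound(release):
    """Documented range is 1-4 before release 15.0 and 1-5 from 15.0 on."""
    return 5 if release >= (15, 0) else 4

def audit_max_childsa(config_text, release):
    """Return (line_number, severity, message) for every finding."""
    findings = []
    hi = upper_bound(release)
    for no, line in enumerate(config_text.splitlines(), 1):
        if "max-childsa" not in line:
            continue
        m = LINE_RE.match(line)
        if not m:
            findings.append((no, "error", "does not match the documented syntax"))
            continue
        value, action = m.groups()
        in_range = value.isascii() and value.isdigit() and 1 <= int(value) <= hi
        if not in_range:
            findings.append((no, "error", f"soft limit {value!r} outside 1-{hi}"))
        if action is None:
            findings.append((no, "info", "no overload-action given"))
        elif action == "ignore":
            findings.append((no, "warn", "soft limit is ignored, not enforced"))
        elif action != "terminate":
            findings.append((no, "error", f"unknown overload-action {action!r}"))
    return findings

if __name__ == "__main__":
    for release in ((14, 0), (19, 0)):
        print(release, audit_max_childsa(SAMPLE, release))
```
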
Command Line Interface Reference, Modes C - D, StarOS Release 19
Crypto Template Configuration Mode Commands