Cisco Cisco Packet Data Interworking Function (PDIF)
Crypto Template Configuration Mode Commands
▀ max-childsa
▄ Command Line Interface Reference, StarOS Release 16
2924
max-childsa
Defines a soft limit for the number of child Security Associations (SAs) per IKEv2 policy.
Product
All products supporting IPSEcv2
Privilege
Security Administrator
Syntax
max-childsa <numbr> [ overload-action { ignore | terminate } ]
max-childsa
<numbr>
Specifies a soft limit for the maximum number of Child SAs per IKEv2 policy. <numbr> can be an integer
from 1 to 4 for releases prior to 15.0, or 1 to 5 for 15.0 and higher. Default = 2.
from 1 to 4 for releases prior to 15.0, or 1 to 5 for 15.0 and higher. Default = 2.
overload-action { ignore | terminate }
The action taken when the specified soft limit for the maximum number of Child SAs is reached, as follows:
ignore
: The IKEv2 stack ignores the specified soft limit for Child SAs.
terminate
: The IKEv2 stack rejects any new Child SAs if the specified soft limit is reached.
Usage
The FNG maintains two maximum Child SA values per IKEv2 policy. The first is a system-enforced
maximum value, which is four Child SAs per IKEv2 policy. The second is a configurable soft maximum
value, which can be a value between one and four. This command defines the soft limit for the maximum
number of Child SAs per IKEv2 policy.
maximum value, which is four Child SAs per IKEv2 policy. The second is a configurable soft maximum
value, which can be a value between one and four. This command defines the soft limit for the maximum
number of Child SAs per IKEv2 policy.
Example
The following command specifies a soft limit of four Child SAs with the overload action of terminate.
max-childsa 4 overload action terminate