Cisco Cisco ASA 5545-X Adaptive Security Appliance Guía Para Resolver Problemas
Crypto IKEv2 cookie−challenge: Enables the ASA to send cookie challenges to peer devices in
response to half−open SA initiated packets.
response to half−open SA initiated packets.
•
Crypto IKEv2 limit max−sa: Limits the number of IKEv2 connections on the ASA. By default, the
maximum allowed IKEv2 connection equals the maximum number of connections specified by the
ASA license.
maximum allowed IKEv2 connection equals the maximum number of connections specified by the
ASA license.
•
Crypto IKEv2 limit max−in−negotiation−sa: Limits the number of IKEv2 in−negotiation (open)
SAs on the ASA. When used in conjunction with the crypto IKEv2 cookie−challenge command,
ensure the cookie−challenge threshold is lower than this limit.
SAs on the ASA. When used in conjunction with the crypto IKEv2 cookie−challenge command,
ensure the cookie−challenge threshold is lower than this limit.
•
Use asymmetric keys. After migration, the configuration can be modified to use asymmetric keys as
shown here:
shown here:
ASA−2(config)# more system:running−config
tunnel−group <peer_ip−address> type ipsec−l2l
tunnel−group <peer_ip−address> ipsec−attributes
IKEv1 pre−shared−key cisco1234
IKEv2 remote−authentication pre−shared−key cisco1234
IKEv2 local−authentication pre−shared−key cisco123
•
It is important to realize that the configuration needs to be mirrored on the other peer for the IKEv2
pre−shared−key. It will not work if you select and paste the configuration from one side to the other.
pre−shared−key. It will not work if you select and paste the configuration from one side to the other.
Note: These commands are disabled by default.
Related Information
Technical Support & Documentation
•
Contacts & Feedback | Help | Site Map
© 2014 − 2015 Cisco Systems, Inc. All rights reserved. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks of
Cisco Systems, Inc.
© 2014 − 2015 Cisco Systems, Inc. All rights reserved. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks of
Cisco Systems, Inc.
Updated: Feb 25, 2013
Document ID: 113597