Cisco Cisco Packet Data Gateway (PDG)
Crypto Template Configuration Mode Commands
▀ max-childsa
▄ Command Line Interface Reference, StarOS Release 17
3006
max-childsa
Defines a soft limit for the number of child Security Associations (SAs) per IKEv2 policy.
Product
All products supporting IPSEcv2
Privilege
Security Administrator
Syntax
max-childsa integer [ overload-action { ignore | terminate } ]
max-childsa
integer
Specifies a soft limit for the maximum number of Child SAs per IKEv2 policy as an integer from 1 to 4 for
releases prior to 15.0, or 1 to 5 for 15.0 and higher. Default = 2.
releases prior to 15.0, or 1 to 5 for 15.0 and higher. Default = 2.
overload-action { ignore | terminate }
Specifies the action to be taken when the specified soft limit for the maximum number of Child SAs is
reached. The options are:
reached. The options are:
ignore
: The IKEv2 stack ignores the specified soft limit for Child SAs.
terminate
: The IKEv2 stack rejects any new Child SAs if the specified soft limit is reached.
Usage
Two maximum Child SA values are maintained per IKEv2 policy. The first is a system-enforced maximum
value, which is four Child SAs per IKEv2 policy. The second is a configurable soft maximum value, which
can be a value between one and four. This command defines the soft limit for the maximum number of Child
SAs per IKEv2 policy.
value, which is four Child SAs per IKEv2 policy. The second is a configurable soft maximum value, which
can be a value between one and four. This command defines the soft limit for the maximum number of Child
SAs per IKEv2 policy.
Example
The following command specifies a soft limit of four Child SAs with the overload action of terminate.
max-childsa 4 overload-action terminate