Cisco Cisco Packet Data Gateway (PDG) Folheto
Crypto Template IKEv2-Dynamic Payload Configuration Mode Commands
▀ maximum-child-sa
▄ Cisco ASR 5x00 Command Line Interface Reference
2856
maximum-child-sa
Configures the maximum number of IPSec child security associations that can be derived from a single IKEv2 IKE
security association.
security association.
Product
All Security Gateway products
Privilege
Security Administrator
Mode
Exec > Global Configuration > Context Configuration > Crypto Template Configuration > Crypto Template IKEv2-
Dynamic Payload Configuration
Dynamic Payload Configuration
configure > context context_name > crypto template template_name ikev2-dynamic > payload
payload_name match childsa
payload_name match childsa
match
{ any | ipv4 | ipv6 }
Entering the above command sequence results in the following prompt:
[context_name]host_name(cfg-crypto-tmpl-ikev2-tunnel-payload)#
Syntax
maximum-child-sa num
default maximum-child-sa
maximum-child-sa
num
Specifies the maximum number of IPSec child security associations that can be derived from a single IKEv2
IKE security association.
IKE security association.
num
must be 1. Default: 1
default maximum-child-sa
Sets the maximum number of Child SAs to its default value of 1.
Usage
Use this command to configure the maximum number of IPSec child security associations that can be derived
from a single IKEv2 IKE security association.
from a single IKEv2 IKE security association.
Example
The following command configures the maximum number of child SAs to 1:
maximum-child-sa 1