Table of Contents
Advertisement
undo ike limit { max-negotiating-sa | max-sa }
Default
There is no limit to the maximum number of half-open or established IKE SAs.
Views
System view
Predefined user roles
network-admin
Parameters
max-negotiating-sa negotiation-limit
IKE SAs and IPsec SAs. The value range for the
max-sa sa-limit
the
sa-limit
Usage guidelines
The supported maximum number of half-open IKE SAs depends on the device's processing
capability. Adjust the maximum number of half-open IKE SAs to make full use of the device's
processing capability without affecting the IKE SA negotiation efficiency.
The supported maximum number of established IKE SAs depends on the device's memory space.
Adjust the maximum number of established IKE SAs to make full use of the device's memory space
without affecting other applications in the system.
Examples
# Set the maximum number of half-open IKE SAs and IPsec SAs to 200.
<Sysname> system-view
[Sysname] ike limit max-negotiating-sa 200
# Set the maximum number of established IKE SAs to 5000.
<Sysname> system-view
[Sysname] ike limit max-sa 5000
ike logging negotiation enable
Use
ike logging negotiation enable
Use
undo ike logging negotiation packet enable
Syntax
ike logging negotiation enable
undo ike logging negotiation enable
Default
Logging for IKE negotiation is disabled.
Views
System view
Predefined user roles
network-admin
: Specifies the maximum number of established IKE SAs. The value range for
argument is 1 to 99999.
: Specifies the maximum number of half-open
negotiation-limit
to enable logging for IKE negotiation.
to disable logging for IKE negotiation.
22
argument is 1 to 99999.
Advertisement
Chapters
Table of Contents
