Configuring Vpn Session Limits - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Chapter 29
Setting General IPSec VPN Parameters
Step 5
If you enable cluster encryption, you must also specify the IPSec shared secret by entering the cluster
key command. This command specifies the shared secret between IPSec peers when you have enabled
IPSec encryption. The value you enter in the box appears as consecutive asterisk characters.
hostname(config-load-balancing)# cluster key shared_secret
hostname(config-load-balancing)#
For example, to set the shared secret to 123456789, enter the following command:
hostname(config-load-balancing)# cluster key 123456789
hostname(config-load-balancing)#
Step 6
Enable this device's participation in the cluster by entering the participate command:
hostname(config-load-balancing)# participate
hostname(config-load-balancing)#

Configuring VPN Session Limits

You can run as many IPSec and WebVPN sessions as the platform and license for your security appliance
support. To view the licensing information for your security appliance, enter the show version
command in global configuration mode. The following example shows the command and the licensing
information excerpted from the output of this command:
hostname(config)# show version
Cisco Adaptive Security Appliance Software Version 7.1(0)182
Device Manager Version 5.1(0)128
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs               : 100
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Security Contexts           : 10
GTP/GPRS                    : Enabled
VPN Peers                   : 750
WebVPN Peers                : 500
This platform has an ASA 5520 VPN Plus license.
To limit the maximum number of active IPSec VPN sessions to a lower value than the security appliance
allows, enter the vpn-sessiondb max-session-limit command in global configuration mode. This limit
affects the calculated load percentage for VPN Load Balancing.
hostname(config)# vpn-sessiondb max-session-limit number_of_sessions
hostname(config)#
For example, if the security appliance license allows 750 IPSec sessions, and you want to limit the
number of IPSec sessions to 500, enter the following command:
hostname(config)# vpn-sessiondb max-session-limit 500
hostname(config)#
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
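The session-limit check described above, as an added example that is not part of the Cisco guide: it parses the licensed-features excerpt of show version, builds the vpn-sessiondb max-session-limit command only when the requested limit fits the VPN Peers license, and shows how a lower limit changes the load figure. The function names, the lower bound of 1, and the load formula (active sessions divided by the configured limit) are assumptions made for this example.

```python
import re

# Constructed sample: the licensing excerpt of `show version` from this section.
SHOW_VERSION = """\
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs               : 100
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Security Contexts           : 10
GTP/GPRS                    : Enabled
VPN Peers                   : 750
WebVPN Peers                : 500
This platform has an ASA 5520 VPN Plus license.
"""

def parse_licensed_features(text):
    """Return {feature: value} for the 'name : value' lines after the header."""
    features, in_block = {}, False
    for line in text.splitlines():
        if line.startswith("Licensed features"):
            in_block = True
            continue
        m = re.match(r"^(.+?)\s*:\s*(\S.*)$", line)
        if in_block and m:
            value = m.group(2).strip()
            features[m.group(1).strip()] = int(value) if value.isdigit() else value
    return features

def session_limit_command(features, requested):
    """Build the command, refusing limits the VPN Peers license cannot honour."""
    licensed = features["VPN Peers"]
    if not isinstance(licensed, int):
        raise ValueError("VPN Peers is not a numeric limit: %r" % licensed)
    if not 1 <= requested <= licensed:  # lower bound of 1 is an assumption
        raise ValueError("limit %d is outside 1..%d" % (requested, licensed))
    return "vpn-sessiondb max-session-limit %d" % requested

def load_percentage(active_sessions, limit):
    """Assumed formula: active sessions as a share of the configured limit."""
    return round(100.0 * active_sessions / limit, 1)

if __name__ == "__main__":
    feats = parse_licensed_features(SHOW_VERSION)
    print(session_limit_command(feats, 500))
    print(load_percentage(375, 500), "vs", load_percentage(375, feats["VPN Peers"]))
```

With 375 active sessions, the same device reports a higher load under the 500-session limit than under the licensed 750, which is why the limit matters to a load-balancing cluster.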
