Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
25-35
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 25 Configuring IKE and IPsec Policies
Configuring VPN Global Settings
If used in conjunction with the Maximum SAs in Negotiation option, configure a lower
cookie-challenge threshold.
Navigation Path
For remote access VPNs, do one of the following:
(Device View) Select Remote Access VPN > Global Settings from the Policy selector. Click
the IKEv2 Settings tab.
(Policy View) Select Remote Access VPN > Global Settings from the Policy Type selector.
Select an existing policy or create a new one, then click the IKEv2 Settings tab.
For site-to-site VPNs, do one of the following:
Open the Site-to-Site VPN Manager Window, page 24-18, select a topology in the VPNs
selector, then select VPN Global Settings in the Policies selector. Click the IKEv2 Settings
tab.
(Policy view) Select Site-to-Site VPN > VPN Global Settings from the Policy Types selector.
Select an existing shared policy or create a new one, then click the IKEv2 Settings tab.
Related Topics
Configuring VPN Global Settings, page 25-29
Understanding IKE, page 25-5
Understanding IPsec Proposals, page 25-17
Configuring Cluster Load Balance Policies (ASA), page 30-5
Field Reference
Table 25-6 VPN Global Settings Page, IKEv2 Settings Tab
Element Description
Maximum SAs The number of allowed IKEv2 connections (security associations) on
the device. The default limit is the maximum number of connections
specified by the device license, which differs by device model.
Specify a number only if you want to create a limit that is lower than
the device license. The range is 1 to 10000.
Maximum SAs in
Negotiation
The maximum number of IKEv2 security associations (SAs) that can be
in negotiation at any time as a percentage of the maximum allowed
SAs. The default is no limit on SAs in negotiation, so it is possible for
all available SAs to be in negotiation. The range is 1 to 100%.
If you configure this option and also enable custom cookie challenge,
configure the cookie challenge threshold lower than this limit.