ike limit

Use ike limit to set the maximum number of half-open or established IKE SAs.

Use undo ike limit to restore the default.

Syntax

ike limit { max-negotiating-sa negotiation-limit | max-sa sa-limit }

undo ike limit { max-negotiating-sa | max-sa }

Default

There is no limit to the maximum number of half-open or established IKE SAs.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

max-negotiating-sa negotiation-limit: Specifies the maximum number of half-open IKE SAs and IPsec SAs. The value range for the negotiation-limit argument is 1 to 99999.

max-sa sa-limit: Specifies the maximum number of established IKE SAs. The value range for the sa-limit argument is 1 to 99999.

Usage guidelines

The supported maximum number of half-open IKE SAs depends on the device's processing capability. Adjust the maximum number of half-open IKE SAs to make full use of the device's processing capability without affecting the IKE SA negotiation efficiency.

The supported maximum number of established IKE SAs depends on the device's memory space. Adjust the maximum number of established IKE SAs to make full use of the device's memory space without affecting other applications in the system.

Examples

# Set the maximum number of half-open IKE SAs and IPsec SAs to 200.

<Sysname> system-view
[Sysname] ike limit max-negotiating-sa 200

# Set the maximum number of established IKE SAs to 5000.

<Sysname> system-view
[Sysname] ike limit max-sa 5000