IPSEC tunnels of Cisco ISR routers

a9562055 asked:

The link below states the max tunnels each Cisco device can establish.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/prod_brochure09186a00801f0a72_ps8768_Products_Brochure.html


My questions are:

1. What is the IOS CLI command to check how many tunnels are presently established, say on an ISR 2800 series?

2. What is the meaning of "Maximum number of IPSec Tunnels"?
Does this mean

a. The maximum number of configurations like the one below, for example,
crypto isakmp key 6 toshin10 address 172.25.21.1
OR

b. The maximum number of SAs, as below. For example, one ACL for one SA.
Therefore, if we have 6 ACLs, 6 SAs are created.
Also, the router at the counterpart creates 6 SAs.
Altogether we have 12 SAs.
ip access-list extended IPsec-JA_LIST  
permit ip 148.0.0.0 0.255.255.255 172.17.100.0 0.0.3.255
permit ip 148.0.0.0 0.255.255.255 172.17.104.0 0.0.3.255  
permit ip 148.0.0.0 0.255.255.255 172.17.201.0 0.0.0.255  
permit ip 148.0.0.0 0.255.255.255 148.247.0.0 0.0.255.255  
permit ip 148.0.0.0 0.255.255.255 186.156.0.0 0.3.255.255  
permit ip 148.0.0.0 0.255.255.255 186.160.0.0 0.3.255.255

Regards.
Commented:
You can try
Rtr# show crypto ipsec sa
Rtr# show crypto isakmp sa
Les Moore, Sr. Systems Engineer
Top Expert 2008

Commented:
Generally speaking, the total number of IPSEC tunnels is the number of simultaneously established VPN tunnels or active SAs.

John Meggers, Network Architect

Commented:
Remember the SAs are unidirectional, so you'll see two for each IPSec connection.
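
The counting discussed in the answers above, as an added example that is not part of the original thread: a Python sketch that tallies inbound and outbound SAs per ACL entry (proxy identity) from saved `show crypto ipsec sa` text. The sample is constructed and abridged; its networks and peer address come from the question, the SPI values are made up, and the function names are hypothetical.

```python
import re

# Constructed, abridged text in the layout of IOS "show crypto ipsec sa" output.
# Networks and peer come from the question; the SPI values are made up.
SAMPLE = """\
   local  ident (addr/mask/prot/port): (148.0.0.0/255.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (172.17.100.0/255.255.252.0/0/0)
   current_peer 172.25.21.1 port 500
     current outbound spi: 0x5E6F7081(1584361601)
     inbound esp sas:
      spi: 0x1A2B3C4D(439041101)
     outbound esp sas:
      spi: 0x5E6F7081(1584361601)
   local  ident (addr/mask/prot/port): (148.0.0.0/255.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (172.17.201.0/255.255.255.0/0/0)
   current_peer 172.25.21.1 port 500
     current outbound spi: 0x0(0)
     inbound esp sas:
     outbound esp sas:
"""

IDENT = re.compile(r"\s*(local|remote)\s+ident \(addr/mask/prot/port\): \(([^/]+)/([^/]+)/")
SECTION = re.compile(r"\s*(inbound|outbound) (esp|ah|pcp) sas:")
SPI = re.compile(r"\s*spi: 0x[0-9A-Fa-f]+")  # not the "current outbound spi" summary line

def count_sas(text):
    """Map (local net, remote net) -> inbound/outbound ESP+AH SA counts."""
    flows, local, key, direction = {}, None, None, None
    for line in text.splitlines():
        if m := IDENT.match(line):
            net = f"{m.group(2)}/{m.group(3)}"
            if m.group(1) == "local":
                local, key = net, None
            else:
                key = (local, net)
                flows.setdefault(key, {"inbound": 0, "outbound": 0})
            direction = None
        elif m := SECTION.match(line):
            # PCP (compression) entries are not counted as IPsec SAs here
            direction = m.group(1) if m.group(2) != "pcp" else None
        elif key and direction and SPI.match(line):
            flows[key][direction] += 1
    return flows

def summarize(flows):
    """Return (flows with SAs in both directions, total unidirectional SAs)."""
    up = sum(1 for c in flows.values() if c["inbound"] and c["outbound"])
    return up, sum(c["inbound"] + c["outbound"] for c in flows.values())
```

For the constructed sample, `summarize(count_sas(SAMPLE))` reports one flow that is up and two unidirectional SAs; the second ACL entry has no SAs because no traffic has matched it yet.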