about GETVPN

Unanswered Question
Jul 1st, 2010

Hi everyone,

How many SA's can a getvpn handle ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Jason Gervia Fri, 07/02/2010 - 07:07


This is platform specific.  The 'show cry eli' command should be able to tell you that information for your specific platform:


Hardware Encryption : ACTIVE
Number of hardware crypto engines = 1

CryptoEngine NETGX details: state = Active
Capability      : IPPCP, DES, 3DES, AES, IPv6, GDOI, FAILCLOSE

IPSec-Session :     0 active,  2400 max, 0 failed

Keep in mind that due to re-keying, you'll only be able to get about 1/2 your limit (because you will have both the old IPSEC SA and the new IPSEC SA for a short period of time, until the old SA expires).



This Discussion