×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ASA ver. 9+: show vpn-sessiondb "WARNING: Platform capacity exceeded" Message?

Unanswered Question
Sep 30th, 2014
User Badges:

Hey everyone,
I'm working on a Cisco ASA 5505 (512MB RAM) running 9.0(4) with AnyConnect Essentials & Mobility licenses applied. When I run 'show vpn-sessiondb', I am seeing the following output:
 

# sh vpn-sessiondb 
---------------------------------------------------------------------------
VPN Session Summary                                                        
---------------------------------------------------------------------------
                               Active : Cumulative : Peak Concur : Inactive
                             ----------------------------------------------
AnyConnect Client            :     16 :       1553 :          24 :        0
  SSL/TLS/DTLS               :     16 :       1553 :          24 :        0
IKEv1 IPsec/L2TP IPsec       :      0 :         79 :           6
Site-to-Site VPN             :     11 :      13836 :          14
  IKEv1 IPsec                :     11 :      13836 :          14
---------------------------------------------------------------------------
Total Active and Inactive    :     27             Total Cumulative :  15468
Device Total VPN Capacity    :     25
Device Load                  :   108%
***!! WARNING: Platform capacity exceeded !!***
---------------------------------------------------------------------------

---------------------------------------------------------------------------
Tunnels Summary
---------------------------------------------------------------------------
                               Active : Cumulative : Peak Concurrent   
                             ----------------------------------------------
IKEv1                        :     11 :      13915 :              17
IPsec                        :     31 :      16715 :              41
IPsecOverNatT                :      0 :         98 :               6
AnyConnect-Parent            :     16 :       1553 :              24
SSL-Tunnel                   :     16 :       3700 :              23
DTLS-Tunnel                  :     16 :       5050 :              23
---------------------------------------------------------------------------
Totals                       :     90 :      41031
---------------------------------------------------------------------------

In older versions [such as 8.2(5)] the output of show vpn-sessiondb broke up the limits for IPsec & SSLVPN into separate columns. For example, if this was a 5505 with an Essentials license, it would show 25 IPsec & 25 SSLVPN,

Can someone please confirm if this is still the case in the above example on version 9+? Are IPsec & SSLVPN still permitted to a maximum of 25 concurrent sessions each, or have they been combined into a singular, shared pool of resources?

If this limit is exceeded, would this cause issues with new tunnels or security-associations to be established?

Any help or guidance would be greatly appreciated!

Thanks!
- Mike

 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion

Related Content