Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Maximum VPN/IKE SA's on a PIX 501

The PIX 501 documentation states that it supports a maximum of 5 simultaneous IKE SA's. Does this number refer to the IPSEC sessions that are terminated by the PIX? If I am not terminating these sessions at the PIX and instead use VPN client software on my clients, am I bound by a specific number of SA's if the PIX is just passing these sessions through? Thanks.

New Member

Re: Maximum VPN/IKE SA's on a PIX 501

its refered to the session that are terminated in the pix.

This means, the session that the pix is encrypting and decrypting.

if you use a vpn client on the inside network, the pix just let the ipsec traffic pass thru and it doesnt start any ipsec procces in the firewall.

Also , you must be shure that ESP (udp/500) pass through the pix.

I hope it helps

New Member

Re: Maximum VPN/IKE SA's on a PIX 501

That helps a great deal -- thank you very much for your reply.

CreatePlease to create content