Good afternoon, I'm asking for help troubleshooting a problem.
The router is complaining that the tunnel limit under the securityk9 license has been exhausted.
Code:
Sep 10 11:19:35.284 MSK: %CERM-4-TUNNEL_LIMIT: Maximum tunnel limit of 225 reached for Crypto functionality with securityk9 technology package license.
Code:
router#sh platform cerm-information
Crypto Export Restrictions Manager(CERM) Information:
CERM functionality: ENABLED
----------------------------------------------------------------
Resource Maximum Limit Available
----------------------------------------------------------------
Tx Bandwidth(in kbps) 85000 85000
Rx Bandwidth(in kbps) 85000 85000
Number of tunnels 225 0
Number of TLS sessions 1000 1000
Resource reservation information:
D - Dynamic
-----------------------------------------------------------------------
Client Tx Bandwidth Rx Bandwidth Tunnels TLS Sessions
(in kbps) (in kbps)
-----------------------------------------------------------------------
VOICE 0 0 0 0
IPSEC D D 225 N/A
SSLVPN D D 0 N/A
Statistics information:
Failed tunnels : 54320
Failed sessions : 0
Failed tx bandwidth: 0
Failed rx bandwidth: 0
Failed encrypt pkts: 1538766
Failed decrypt pkts: 243
Failed encrypt pkt bytes: 1536478072
Failed decrypt pkt bytes: 309772
Passed encrypt pkts: 32653053021
Passed decrypt pkts: 17949706286
Passed encrypt pkt bytes: 19422831949392
Passed decrypt pkt bytes: 5173463144480
The router runs mGRE+IPsec.
But in reality I don't have that many tunnels.
Code:
IPsec SA total: 44, active: 44, rekeying: 0, unused: 0, inv
sh ip nhrp shows 44 active tunnels.
There is also a VPN server:
Code:
router#show ppp summary
Current Peak
--------- ---------
Non-MLP Sessions 2 16
MLP Sessions 0 0
--------------------- --------- ---------
Total Sessions 2 16
Current Peak
--------- ---------
The device itself:
Code:
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
M9_8bitov_router uptime is 1 year, 12 weeks, 13 hours, 48 minutes
System returned to ROM by reload at 22:16:06 MSK Thu Jun 18 2015
System restarted at 22:19:18 MSK Thu Jun 18 2015
System image file is "flash0:c3900-universalk9-mz.SPA.152-3.T.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco CISCO3945-CHASSIS (revision 1.0) with C3900-SPE150/K9 with 987136K/61440K bytes of memory.
Processor board ID FCZ1744605K
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 72 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 C3900-SPE150/K9 FOC1wqewqe
Technology Package License Information for Module:'c3900'
-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security securityk9 EvalRightToUse securityk9
uc None None None
data None None None
Configuration register is 0x2102
Are there any other commands that would help find out the real number of tunnels?
I'll note that the device worked for 1.5 years without any tunnel problems.