【Problem Description】: Please help to check our Device HUBDCRT-VPN01 for branch vpn router has limit and reach max number of IPSec policy group.
[HUBDCRT-VPN01-ike-peer-10.1.3.70]ipsec policy BR-VPN-ISP01 70 isakmp
Error:The policy number in one IPSec policy group has already reached max number.
【Problem Analysis】: You can refers to below to configure by template :
After checking, our best solution for your ipsec policy reaches max is to configure it by template, you may check the configuration below as reference:
#
ipsec proposal PS01-3DES-MD5
esp authentication-algorithm md5
esp encryption-algorithm 3des
#
ike proposal 5
encryption-algorithm 3des-cbc
dh group1
authentication-algorithm sha1
prf hmac-sha2-256
#
ike peer ISP03 v2
pre-shared-key cipher xxxx
ike-proposal 5
#
ipsec policy-template ISP03 10 // use template for new branch IPsec tunnel
ike-peer ISP03
proposal PS01-3DES-MD5
#
ipsec policy BR-VPN-ISP03 xxx isakmp template ISP03 // change the sequence max value , keep it finally .
#
interface GigabitEthernet0/0/1.705
ipsec policy BR-VPN-ISP03
#
