CONTAP-475236:由于半开放连接的负计数,IPsec 可以拒绝新的协商 最后更新 另存为PDF Closure Action:Select an actionApprovedRejectedGuide Link:Select rejection reason:Select a reasonInsufficient informationExisting KB updatedExisting KB availableContent not requiredPlease let us know what is missing:Existing KB Link:Additional Comments:Set the Confidence and Visibility correctly on the Capture Manager.Link the KB article to the Case. If you fail to link, the PAR will be scored as Capture Loss for the case owner. Views:Visibility:PublicVotes:0Category:ontap-9Specialty:coreLast Updated: 问题描述strongSwan 会保留 IPsec 协商期间的半开放连接数计数。每个节点都有自己的 strongSwan 任务,因此有自己的计数。在某些情况下,计数器(无符号整数)可能会变为负数,然后被视为非常大量的半开放连接。如果半开放连接计数器大于 200,strongSwan 拒绝任何新的协商。