03-05-2023 01:11 AM
How many site-to-site VPN tunnels can we make on an FTD2100? Is there any restriction?
03-05-2023 01:14 AM - edited 03-05-2023 01:14 AM
@edwincharles it differs depending on which model FPR2100 hardware you are using. The table below represents the IPSec throughput and maximum supported tunnels for all of the FPR2100 series firewalls.
03-05-2023 01:16 AM
Hi Rob, Thanks for the update.
So it means a max of 1500 site-to-site VPNs can be configured for the 2110.
03-05-2023 01:50 AM
Even though maximum numbers are mentioned, you need to add the license and also check the supported throughput and other limitations.
I have not seen papers produced anywhere that have 1500 VPNs on an FTD 2100. Also, think about failure scenarios and don't put everything in one basket.
03-05-2023 01:15 AM
The maximum number of site-to-site VPN tunnels that can be configured on an FTD 2100 device varies depending on the licensing. For example, with the Base license, the maximum number of site-to-site VPN tunnels is 10. With the Threat license, the maximum number is 50, and with the Security Plus license, the maximum number is 250.
03-05-2023 03:02 AM
As far as I know, S2S VPN is not counted as a number; it is counted by the max throughput the FPR can support for S2S VPN.
If you have hub and spoke with 100 sites, but not all are active, and some are active with traffic within the S2S VPN throughput, then the number of S2S VPNs accepted is not 100; it is the max throughput the FPR can handle.
This is what I know.
NOTE: for remote access, the FPR, as Mr @Rob Ingram showed, has a specific MAX number for each platform.
03-05-2023 03:49 AM - edited 03-05-2023 03:52 AM
The Maximum VPN peers for each model (as per the screenshot above) relates to any type of VPN (Remote Access or Site-to-Site).
There is no specific Site-to-Site VPN license, it's available as default. You will need strong crypto enabled, which is controlled by selecting the option to allow export-controlled functionality on the device when you registered with the Smart License Manager.
@edwincharles yes, 1500 maximum VPN peers on the FPR2110.
03-05-2023 03:58 AM
I have Cisco Live slides
that show the number 1500 for the 2110 (for example) appears in both the slide you shared and what I have,
and what I have is talking about remote access sizing.
Why IPsec is not counted in number but counted in throughput, I know from the license you buy:
you do not buy a license for 100 S2S VPNs, you buy license support X G or M throughput for IPsec.
I hope I am right.
03-05-2023 04:27 AM
@MHM Cisco World "you buy license support X G or M throughput for IPsec." - what is this license? That contradicts Cisco's FTD documentation for Site-to-Site VPN.
I disagree that IPSec is based purely on throughput.