Hi Ahmed,
According with the documentation:
For Issues Where the Maximum Tunnel CERM Limit is Reached
Collect this output periodically in order to help identify one of these three conditions:
The number of tunnels has exceeded the CERM limit.
There is a tunnel count leak (number of crypto tunnels as reported by crypto statistics exceeds the actual number of tunnels).
There is a CERM count leak (number of CERM tunnel count as reported by CERM statistics exceeds the actual number of tunnels).
Here are the commands to use:
show crypto eli detail
show crypto isa sa count
show crypto ipsec sa count
show platform cerm-information
Solution
The best solution for users with a permanent securityk9 license that encounter this issue is to purchase the HSEC-K9 license. For information on these licenses,ISR Licensing
So , if you install a HSEC-K9 license , you will increase the encrypt tunnel value
Hope it helps
-Randy-