Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
161
Views
0
Helpful
4
Replies

ASA only allowing 10 VPN tunnels at a time (with Security Plus licensing)

gbatt0001
Level 1
Level 1

‎08-31-2015 09:47 AM

We have 14 Site-to-site connections configured on the main site ASA. We recently upgraded our license to Security Plus and now have 25 available "Total VPN Peers". However, the main site ASA is still only allowing 10 site-to-site connections at a time. If I log one site out, the next one immediately connects, but it never allows over 10 connections.

 

Any thoughts?

Labels:
0 Helpful
4 Replies 4

Karsten Iwen
VIP
VIP

‎08-31-2015 02:34 PM

Look if you have the following command configured. If yes, remove the command:

sh run | i vpn-sessiondb max-other-vpn-limit

 

0 Helpful

gbatt0001
Level 1
Level 1
In response to Karsten Iwen

‎08-31-2015 02:43 PM

Thanks Karsten, but doesn't look like that command is configured

0 Helpful

Karsten Iwen
VIP
VIP
In response to gbatt0001

‎08-31-2015 03:15 PM

Are you using IKEv2? Then there is also the command "crypto ikev2 limit max-sa XX".

And there is a different version of the above command that can also limit the sessions: "vpn-sessiondb max-session-limit".

0 Helpful

gbatt0001
Level 1
Level 1
In response to Karsten Iwen

‎08-31-2015 03:23 PM

This particular ASA is still on 5.2, so no IKE2, just IKE IPsec

0 Helpful
Customers Also Viewed These Support Documents