
Cisco ASA 5505 Remote Access IPSec - Tunnel Rejected - The maximum tunnel count allowed has been reached

carlo.taddei1
Level 1

I am working on implementing a "standard" Remote Access IKEv1 IPSec VPN to a Cisco ASA 5505 (OS 8.4 - base license) and I keep getting the error message:

%ASA-4-713239: IP_Address: Tunnel Rejected: The maximum tunnel count allowed has been reached

even if there are no Site to Site or any additional VPN sessions (remote access VPN, Easy VPN, etc.) currently running / established on the unit.

I have tried to clear the "vpn-sessiondb" summary / statistics, as well as all ISAKMP / IKE SAs - no luck.

Before the statistics reset, the cumulative count of VPN sessions (remote access + S2S, SSL as well as IKEv1 and IKEv2) was set to > 60.

It is currently set to 0; however it looks to me as if the OS is still somehow "retaining" the cumulative count of VPN sessions.

(the unit has now been running over almost 14 months...)

It looks to me as if something at OS level is stuck... Does anyone know a workaround for resetting the responsible SW modules without needing to reboot the platform?

1 Reply

rvarelac
Level 7

Hi Carlo, 

Is this ASA in multiple context? If so, you should check the resource limitation assigned to this context.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/116639-technote-asa-00.html

Hope it helps

-Randy-