Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2205
Views
0
Helpful
2
Replies

Vpn tunnel issue : maximum tunnel limit reached for crypto functionality with security K9 technology package license

rajbhatt
Level 3
Level 3

‎04-20-2011 05:37 AM

HI,

I have a  CISCO3945 router , with c3900-universalk9-mz.SPA.150-1.M3.bin.

My requirement is to run BGP with Ipsec , site to site tunnels ( my requirement is about 800-900 tunnels)

Currently I  have 225 tunnels that are established after which it gives an error message :

Error : maximum tunnel limit reached for crypto functionality with security K9 technology package license .

I need 2 things :

1.How can I configure the router for 800  tunnels ? Any other technology like MGRE or DMVPN  can I use with my existing platform ?

2.If I use a Hsec9 how many more tunnels will this support ? Can I get a license for 800-900 tunnels ?

Also a sample configuration would be very helpful

regards

Raj

Labels:
0 Helpful
2 Replies 2

Jennifer Halim
Cisco Employee
Cisco Employee

‎04-20-2011 09:33 PM

Yes, you can purchase the HSEC9 license to remove the limitation with maximum number of tunnels.

Here is the error message explaination for your reference:

http://www.cisco.com/en/US/docs/ios/system/messages/guide/sm_cn02.html#wp607533

Hope that helps.

0 Helpful

rajbhatt
Level 3
Level 3
In response to Jennifer Halim

‎04-20-2011 10:00 PM

Hi Jennifer,

Thanks for your reply.

But I wanted to know what were my options for this box ?

If  I purchase Hsec9 license , how many more tunnels will that support ? It is not indicated in the release notes .

Also is there another technology/configuration  that I can use for this senerio for this router , to support 800 above tunnels .

Suppose if I shift from simple ipsec site to site tunnels to DMVPN or MGRE over IPSEC , wonder if it will  solve my issue ?

Or any other IOS that will support 900 IPSEC tunnels ?

Rgs

Raj

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents