Vpn tunnel issue : maximum tunnel limit reached for crypto functionality with security K9 technology...

rajbhatt · ‎04-20-2011

HI,

I have a CISCO3945 router , with c3900-universalk9-mz.SPA.150-1.M3.bin.

My requirement is to run BGP with Ipsec , site to site tunnels ( my requirement is about 800-900 tunnels)

Currently I have 225 tunnels that are established after which it gives an error message :

Error : maximum tunnel limit reached for crypto functionality with security K9 technology package license .

I need 2 things :

1.How can I configure the router for 800 tunnels ? Any other technology like MGRE or DMVPN can I use with my existing platform ?

2.If I use a Hsec9 how many more tunnels will this support ? Can I get a license for 800-900 tunnels ?

Also a sample configuration would be very helpful

regards

Raj

Jennifer Halim · ‎04-20-2011

Yes, you can purchase the HSEC9 license to remove the limitation with maximum number of tunnels.

Here is the error message explaination for your reference:

Hope that helps.

rajbhatt · ‎04-20-2011

Hi Jennifer,

Thanks for your reply.

But I wanted to know what were my options for this box ?

If I purchase Hsec9 license , how many more tunnels will that support ? It is not indicated in the release notes .

Also is there another technology/configuration that I can use for this senerio for this router , to support 800 above tunnels .

Suppose if I shift from simple ipsec site to site tunnels to DMVPN or MGRE over IPSEC , wonder if it will solve my issue ?

Or any other IOS that will support 900 IPSEC tunnels ?

Rgs

Raj

Vpn tunnel issue : maximum tunnel limit reached for crypto functionality with security K9 technology package license