New Member

PIX 520 Site to Site VPN Limitations ?

Does anybody know if there is a limited number of Site to Site VPNs you can do with the old 520? I have 4 site to site VPNs working fine. The 5th one, well... I get this.

PSEC(sa_initiate): ACL = deny; no sa created .

Configs on both sides look fine. I've done this a million times. Maybe I've gone nuts... any ideas?

Thanks

Nick

1 REPLY
Cisco Employee

Re: PIX 520 Site to Site VPN Limitations ?

Hello Nick,

The 520 should easily accommodate a 5th peer.

Found this - Although the 520 sh version may reflect IKE PEERS as UNLIMITED, the theoretical maximum is 2000 VPN tunnels. It is stated that with the VPN accelerator card optimum performance would be 100 Mbps; without the VPN accel card your encryption would be based on software, thus significantly reducing the performance. Without the encryption card the 3DES throughput of a PIX 520 is 20 Mbps at optimal conditions.

If you are absolutely sure the config is correct, try clearing Phase 1 and Phase SAs on both sides of the tunnel. This may resolve the issue.

Hope that helps! If so, please rate.

Thanks
