Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
508
Views
0
Helpful
1
Replies

PIX 520 Site to Site VPN Limitations ?

NickWalker
Level 1
Level 1

‎07-31-2006 12:54 PM - edited ‎02-21-2020 02:33 PM

Does anybody know if there is a limited number of Site to Site VPNs you can do with the old 520. I have 4 site to site VPN's working fine. The 5th one, well.. I get this.

PSEC(sa_initiate): ACL = deny; no sa created .

Configs on both sides look fine. Ive done this a million times. Maybe Ive gone nutts..any ideas.

Thanks

Nick

Labels:
0 Helpful
1 Reply 1

hemendoz
Cisco Employee
Cisco Employee

‎07-31-2006 06:10 PM

Hello Nick,

The 520 should easily accomodate a 5th peer.

Found this - Although the 520 sh version may reflect IKE PEERS as UNLIMITED, the theorical maximum is of 2000 vpn tunnels. It is stated that with the VPN accelerator card optimum performance would be 100 Mbps; without the VPN accel card your encryption would be based on software thus significantly reducing the perfomance. Without the encryption card the 3DES throughput a PIX 520 is 20 Mbps at optimal conditions.

If you are absolutely sure the config is correct, try clearing Phase 1 and Phase SAs on both sides of the tunnel. This may resolve the issue.

Hope that helps! If so, please rate.

Thanks

0 Helpful
Customers Also Viewed These Support Documents