I am trying to replace a 1751 IPSec VPN that connects a single LAN behind the 1751 to ~45 remote networks behind a single peer. There are a small number of workstations (~50) and low throughput (< 1MBps) across this VPN, the biggest trouble is the number of remote networks needed.
I have tried to connect an ASA5505 Security Plus in place of the 1751 and am able to get Phase 1 and Phase 2 up, except I don't get all of my ipsec sa's and can only pass traffic to some of the remote networks. Does the 25 IPSec limit apply to multiple sa's one one peer, I've only ever seen it spoken of as a 25 peer limit?
If I understand your posting correct, you have 1751 connected to 45 remote locations via VPN tunnels. When you try to replace 1751 with 5505 with Sec plus license, only few locations able to pass the traffic.
If all the configurations correct, post 'Show Version' from ASA. There may be licensing issue. If you see only 25IPsec tunnels allowed, then its definitely license issue.
Below is the show version of my ASA5505. It does say Total VPN Peers = 25 but I have only 1 crypto map with 1 peer. Does the license actually mean Total Security Associations = 25 given that each peer usually has few security associations?
To my knowledge, one crypto should take one license-but I may be wrong. Check by issues ;show vpn-sessiondb summary- the ASA should show you many in use and license info as well. Once you have that information, try to tear down one SA and see of that changes. That explains the case.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :