We have a ASA 5510 (v8.2.2 with ASDM 6..4.7, 256Mb mem) with a license for 250 VPN Peers. The machine has currently one site-to-site VPN active. I've added a remote-access IPSec VPN for some users but when connecting from the remote site the connection is dropped and the ASA reports
%ASA-4-713239 Tunnel Rejected : The maximum tunnel count allowed has been reached.
I've searched for info relating to this message but I found none. Before I plan a restart (it's up for 222 days), is there something I could do on CLI to fix this ?
Do you have a listing of how many cumulative vpn sessions you've had? It sounds like your OS is looking at the count of cumulative vpn sessions you've had rather than how many are currently in progress.
During the time this ASA has been up, it only had one site-to-site active there was no remote-access activity. Don't know if the VPN had a lot of reconnections causing a session counter to go haywire (if this is possible at all).
A reboot didn't solve the problem. The configured site-to-sites came backup without a glitch but remote-access VPN refused to work. Upgraded the kit to 8.2.5 ED and all works although the upgrade ruined a site-to-site with a 876 router (have had more mysterious problems with 87x/ASA site-to-site VPNs). Suddenly the VPN with the 876 failed at phase 1.
Luckily I was able to work around the 876 problem by adding the tunneled traffic to a VPN on an ASA (we were alrady replacing some stuff). The DSL-line connected was used for voice traffic.
When I have time I will do some research why the VPN broke down. At the moment all is working.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :