VPN Tunnel Capacity and Licensing

The maximum number of active VPN tunnels your XTM device supports depends on values in the feature key for XTM device. The maximum number of supported tunnels is different for each XTM device model.

Find Your XTM Device Tunnel Capacity

To see the maximum number of VPN tunnels your XTM device supports:

  1. Select System > Feature Key.
    The Feature Key page appears.
  2. In the Feature column, look for the VPN features.
  3. For each VPN feature, the associated Value tells you the maximum number of active tunnels.

In the feature key, these features identify the licensed VPN limits:

There is no feature key line item for PPTP Users. The maximum number of PPTP user connections is always 50.

VPN License Enforcement

The maximums in the feature key limit the number of each type of VPN tunnel that can be active at the same time. The feature key does not limit the size of the mobile VPN virtual IP address pools or the number of tunnel routes you can configure for branch office VPNs.

VPN License Warnings

If the number of branch office VPN tunnels or the number of Mobile VPN with IPSec users reach the license limit for your device, a warning appears in the VPN Statistics System Status page.

If the number of branch office VPN tunnels reaches the license limit, the warning says:

The maximum allowed number of active BOVPN tunnels has been reached (Maximum: nn)

If the number of active Mobile VPN with IPSec users reaches the license limit, the warning says:

The maximum allowed number of active MUVPN user connections has been reached (Maximum: nn)

Mobile VPN Virtual IP Address Pools

If configure a mobile VPN IP address pool with a higher number of IP addresses than the maximum number in the feature key, you see a warning that the number of IP addresses in the virtual address pool is higher than the maximum number of users in the feature key. You can still save the configuration, but the address pool contains some IP addresses that will never be used.

The maximum number of concurrent active VPN connections is based on the value in the feature key, not on the number of IP addresses in the virtual IP address pool.

For example, if your XTM device feature key allows a maximum of 55 Mobile VPN with L2TP connections, and you configure the Mobile VPN with L2TP virtual IP address pool with 100 IP addresses, only 55 Mobile VPN with L2TP connections can be active at the same time.

About Branch Office VPN Tunnel Routes

For license enforcement, an active BOVPN virtual interface counts as a single tunnel route, even if multiple VPN routes are configured to use it. For a branch office VPN that is not configured as a BOVPN virtual interface, each active VPN tunnel route counts as a tunnel route in use.

The feature key does not limit the number of tunnel routes you can configure, but it does limit the number of tunnel routes that can be active at the same time.

For example, if your XTM device feature key allows a maximum of 50 tunnels, and you configure a total of 60 tunnel routes, only 50 of the branch office VPN tunnel routes can be active at the same time.

See Also

Virtual IP Addresses and Mobile VPNs

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base