taycel
New Member
December 20, 2019
Question

Maximum VPN and static route problem


Hello All,

I am using a 60E; the number of site-to-site IPsec VPNs advertised in the product catalog is 200. When I create a VPN with the VPN wizard, it automatically creates 2 static routes. And the maximum number of static routes is limited to 100 entries. After I created the 50th VPN, I wanted to create the 51st VPN, but the wizard does not finish. Then I checked the policies, addresses and routes, and I observed that only the static routes are missing because of the maximum number of entries, 100; it does not allow creating another static route. Is there any way to solve this issue?

1 reply

Toshi_Esumi
SuperUser
December 20, 2019

Are those two static routes for 2 subnets at the remote locations? I don't regularly use the GUI for IPsec creation, and that's why I'm asking. But 100 seems to be the hard limit for static routes. Unless you go to one of the routing protocols, like OSPF, BGP, etc., which don't seem to have any hard limit, the only way to get around it is to consolidate those two subnets into one supersubnet to cut them in half. That might require changing the subnets at each location.

By the way, I would be concerned about the 60E's performance if the number of IPsec VPNs goes up that high. Is it working fine so far?
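The supersubnet consolidation suggested above can be checked before touching any routes. This is an added example, not part of the original thread: it computes the single covering prefix per site and reports how much address space outside the original subnets that one route would also send into the tunnel, plus any overlaps between sites. The site names and subnets are constructed sample data.

```python
import ipaddress

ROUTE_LIMIT = 100  # static-route limit reported in the thread for the 60E

def covering_supernet(subnets):
    """Smallest single prefix that contains every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate

def consolidate(site_subnets):
    """Return (supernet, extra_addresses) for one site's remote subnets.

    extra_addresses > 0 means the single route also pulls address space
    that was never part of the site into the tunnel.
    """
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(s) for s in site_subnets))
    supernet = covering_supernet(site_subnets)
    covered = sum(n.num_addresses for n in nets)
    return supernet, supernet.num_addresses - covered

def plan(sites):
    """Build one route per site; list overlaps between sites' supernets."""
    routes = {name: consolidate(subs) for name, subs in sites.items()}
    names = sorted(routes)
    overlaps = [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
                if routes[a][0].overlaps(routes[b][0])]
    return routes, overlaps

# Constructed sample data: two remote subnets per site, as in the wizard case.
SITES = {
    "site-a": ["10.1.0.0/24", "10.1.1.0/24"],     # adjacent and aligned
    "site-b": ["10.2.1.0/24", "10.2.2.0/24"],     # adjacent, not aligned
    "site-c": ["10.2.0.0/24", "192.168.50.0/24"]  # unrelated ranges
}

if __name__ == "__main__":
    routes, overlaps = plan(SITES)
    for name, (net, extra) in routes.items():
        print(f"{name}: {net} extra addresses routed: {extra}")
    print("overlapping sites:", overlaps)
    print("routes used:", len(routes), "of", ROUTE_LIMIT)
```

A site with zero extra addresses can be collapsed safely; a non-zero figure or an overlap means the broader route needs renumbering at that site, or firewall policies narrow enough that the extra range is not actually permitted through the tunnel.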

taycel
Author
New Member
December 23, 2019

Hello,

Dynamic routing is not possible because the devices on the other site that make the IPsec tunnel do not support it. I've checked that this morning. I would like to use the supersubnet solution, but routing is made to the VPN interface instead of a gateway. In our configuration every tunnel needs around 100 kbps, and this is not a problem for the performance of the 60E. Any new advice about that?

James_G
New Member
December 23, 2019

Policy-based IPsec?

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/991625/policy-based-ipsec-tunnel

No static routes, but you would end up with lots of similar policies.