
How many site-to-site VPN tunnels can we make on FTD2100

edwincharles
Level 1

How many site-to-site VPN tunnels can we make on FTD2100? Is there any restriction?

8 Replies

@edwincharles it differs depending on which model FPR2100 hardware you are using. The table below represents the IPSec throughput and maximum supported tunnels for all of the FPR2100 series firewalls.

1.png

Hi Rob, Thanks for the update.

So it means a maximum of 1500 site-to-site VPNs can be configured on the 2110.

Even though maximum numbers are mentioned, you need to add the license and also check the supported throughput and other limitations.

I have not seen papers produced anywhere that have 1500 VPNs on an FTD 2100. Also, think about failure scenarios and don't put everything in one basket.

 

https://www.cisco.com/c/en/us/products/collateral/security/firepower-2100-series/datasheet-c78-742473.html

BB


The maximum number of site-to-site VPN tunnels that can be configured on an FTD 2100 device varies depending on the licensing. For example, with the Base license, the maximum number of site-to-site VPN tunnels is 10. With the Threat license, the maximum number is 50, and with the Security Plus license, the maximum number is 250.

As far as I know, S2S VPN is not counted as a number; it counts as the max throughput the FPR can support for S2S VPN.
If you have hub and spoke and you have 100 sites, but not all are active and only some are active with traffic within the S2S VPN throughput, then the number of S2S VPNs accepted is not 100; it is the max throughput the FPR can handle.
This is what I know.
NOTE: for remote access, the FPR, as Mr @Rob Ingram showed, has a specific MAX number for each platform.

The Maximum VPN peers for each model (as per the screenshot above) relates to any type of VPN (Remote Access or Site-to-Site).

There is no specific Site-to-Site VPN license; it's available by default. You will need strong crypto enabled, which is controlled by selecting the option to allow export-controlled functionality on the device when you register with the Smart License Manager.

@edwincharles yes, 1500 maximum VPN peers on the FPR2110.

I have Cisco Live slides
that show that the number 1500 for the 2110 (for example) appears in both the slide you shared and what I have,
and what I have is talking about remote access sizing.

Why IPsec is not counted in number but counted in throughput, I know from the license you buy:
you do not buy a license for 100 S2S VPNs; you buy license support X G or M throughput for IPsec.

I hope I am right.  

Screenshot (399).png
Screenshot (400).png

@MHM Cisco World "you buy license support X G or M throughput for IPsec." - what is this license? That contradicts Cisco's FTD documentation for Site-to-Site VPN.

RobIngram_1-1678018841227.png

I disagree that IPSec is based purely on throughput.

 
