Support Center > Search Results > SecureKnowledge Details
VTI Routes are not added correctly when more than 50 VTI Tunnels are used Technical Level
Symptoms
  • Any created static route pointing out the vpnt interface (or the nexthop peer) do not show in the routing table.

  • When installing policy, a cluster VIP from another VTI can be assigned to newly created VTI.

  • Log in $FWDIR/log/Routed.log shows that the VIP is added somewhere else. For example, IP for vpnt67 is removed so it can become vpnt84's IP:
    [DATE TIME] cpcl_create_address(3319): Removing X.X.X.X from vpnt67 so it can become vpnt84's cluster IP

Cause

When using more than 50 VPN Tunnel Interfaces (VTI), the temporary storage runs out, and the Security Gateway start assigning VIP's used by other interfaces to a new VTI.


Solution
Note: To view this solution you need to Sign In .