Support Center > Search Results > SecureKnowledge Details
VTI Routes are not added correctly when more than 50 VTI Tunnels are used Technical Level
  • Any created static route pointing out the vpnt interface (or the nexthop peer) do not show in the routing table.

  • When installing policy, a cluster VIP from another VTI can be assigned to newly created VTI.

  • Log in $FWDIR/log/Routed.log shows that the VIP is added somewhere else. For example, IP for vpnt67 is removed so it can become vpnt84's IP:
    [DATE TIME] cpcl_create_address(3319): Removing X.X.X.X from vpnt67 so it can become vpnt84's cluster IP


When using more than 50 VPN Tunnel Interfaces (VTI), the temporary storage runs out, and the Security Gateway start assigning VIP's used by other interfaces to a new VTI.

Note: To view this solution you need to Sign In .