cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
697
Views
0
Helpful
3
Replies
Hassan Hameed
Beginner

Cisco ISR 4431/k9 Concurrent VPN Sessions(GRE & IPsec)

Hi! I have cisco ISR-4431 router i want to know how many concurrent sessions of VPN like IPsec or GRE can be handled by my router?

1 ACCEPTED SOLUTION

Accepted Solutions
Richard Burts
Hall of Fame Guru

There are a couple of things that determine how many concurrent vpn sessions your 4431 can support. In practical terms there is some limit based on the amount of memory the 4431 has. Since we do not know how much memory your 4431 has we can not provide a number, but I am confident that it is a pretty large number. How many concurrent vpn sessions are possible is also impacted by how busy the vpn sessions are. If most of the vpn sessions are processing small amounts of traffic then the limit is larger while vpn sessions processing large amounts of traffic would have lower number of sessions.

 

There is also a hard limit on how many concurrent vpn sessions are supported which is based on the number of IDB (Interface Descriptor Blocks) your 4431 has. Every hardware interface, every software interface, every subinterface, every virtual interface (such as a loopback or a tunnel) requires an IDB. The number of IDB supported varies by platform and also varies by software version. I do not know of any IOS platform for which the number of IDB is less than 300 and believe that your 4431 would have more than 300. You can find the number of IDB supported on your 4431 using the command show idb.

HTH

Rick

View solution in original post

3 REPLIES 3
Richard Burts
Hall of Fame Guru

There are a couple of things that determine how many concurrent vpn sessions your 4431 can support. In practical terms there is some limit based on the amount of memory the 4431 has. Since we do not know how much memory your 4431 has we can not provide a number, but I am confident that it is a pretty large number. How many concurrent vpn sessions are possible is also impacted by how busy the vpn sessions are. If most of the vpn sessions are processing small amounts of traffic then the limit is larger while vpn sessions processing large amounts of traffic would have lower number of sessions.

 

There is also a hard limit on how many concurrent vpn sessions are supported which is based on the number of IDB (Interface Descriptor Blocks) your 4431 has. Every hardware interface, every software interface, every subinterface, every virtual interface (such as a loopback or a tunnel) requires an IDB. The number of IDB supported varies by platform and also varies by software version. I do not know of any IOS platform for which the number of IDB is less than 300 and believe that your 4431 would have more than 300. You can find the number of IDB supported on your 4431 using the command show idb.

HTH

Rick

View solution in original post

Now i got the crystal clear picture. 
Thank You! 

You are welcome. I am glad that my explanation was helpful.  Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick