11-12-2013 02:15 AM - edited 03-04-2019 09:33 PM
Hi,
I got a couple of 3945, and I would like to put the routers in Active/Standby using HSRP. I got also a four
FL-SSLVPN100-K9 so 400 licenses VPN SSL.
My doubt is, how to license this VPNs, I have not found any thing clear on cisco.com. If I have an Active/Standby, can I license all 400 VPN SSL to the Active Router, and replicate as a bakcup the four license on the Standby Router?
Or I just need to registers 200 VPN SSL on the Active Router and on the Standby Router the other 200 VPN SSL (losing 200 clients, that only could by used just in case of a failure of the active router)
Yours faithfully,
Esteve
11-12-2013 02:28 AM
You have to activate 200 licenses on Router1 and 200 licenses on Router2. The license-information is not synchronized between them. But you don't need to lose any possible sessions as cou can also run an active/active scenario with two HSRP-groups. And on very new software you could even configure IKEv2-Loadbalancing for many routers.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
11-12-2013 02:55 AM
Thanks Karsten for your quickly response,
I will check the last thing you say about IKEv2-Loadbalancing.
Kind Regards
Esteve
11-12-2013 02:59 AM
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
11-12-2013 03:38 AM
Chess:)
11-13-2013 05:28 AM
Hi Karsten,
Just one thing more, do you know with is the maximum of concurrent VPN SSL can run into one 3945? I am very surprise to see that Cisco said that the maximum number of VPNs is 200.
Yours faithfully,
Esteve
11-13-2013 05:48 AM
Yes, the concurent VPN-user-count on the ISR are not that high. But if you need many AnyConnect-users, you should also calculate if an ASA with AnyConnect-Essentials license is less expensive then a router with that many AnyConnect-licenses.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
11-13-2013 06:08 AM
OK, well it is to late to chenge for ASA...
So there is no way to have more than 200 VPN-SSL on a Router 3945? (just to clirify)
The limitation comes by limitation the CPU, memory, or it's just a Licence limitation? The 3945 brings the Security Bundle...
Thanks for your support karsten
Regards
Esteve
11-13-2013 06:38 AM
The maxium of 200 SSL tunnels for the 3925/3945 is also what I'm aware of. The 3925E/3945E is documented to handle up to 500 SSL-tunnels. For IPSec-tunnels the count is mouch higher if you have the HSEC-license (2000 for the 3945).
I assume that it an overall ressource-limitation.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
11-13-2013 07:13 AM
Thanks, this is all. have a good day!
Regards
Esteve
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide