Hello community, have been browsing around the forum for a little while and scavenging the internet - I am unable to find a one stop shop resource for the maximum IPSec tunnel count on CISCO Routers. I see some answers here and there about a specific models but if I start asking the same question on all the possible models the community is going to hate me very soon
I am looking for a CISCO Router that can handle over 30,000 simultaneous IPSec tunnels ... maybe someone from CISCO might be able to provide such a chart ? or if any of you ladies and gents have access to your jobs aggregators, maybe you can provide some details and the max tunnel count from the "show crypto eli" command ? Thanks in advance to all !!!
Interesting question - that is very huge numbers, it required definitely design - i do not believe 1 device can support that many tunnels. if anyone deployed 1 device that is one of the mistakes of ERA.
Sure it required kind of plan and ASR 9K or SP based routers need. Only my suggestion is , is this really a requirement, or just for knowledge base.
if required please do contact Cisco or Partner.
I did working ASR / ISR - the maximum tunnels seen, but 30K is a good number. quite a lot of investment.
*** Rate All Helpful Responses ***
Thank you Balaji
However, the question about having a chart of how many IPSec tunnels can be handled by a single unit still stands - it would be a good selection mechanism, I've stumbled upon posts where people realize the maximum tunnel amount when they have the appliance in hand already, it would be great to have this information in advance so one could plan for expansion before hand
Will wait and see maybe someone else was able to get their hands on this information.
just want to mention that there is different between Site-to-Site and RA IPSec.
for this hug number I think that many VPN GW config in one Server farm solve this issue.