Showing results for 
Search instead for 
Did you mean: 

Maximum IPSec Tunnels - CISCO Products

Oleksandr Y.

Hello community, have been browsing around the forum for a little while and scavenging the internet - I am unable to find a one stop shop resource for the maximum IPSec tunnel count on CISCO Routers. I see some answers here and there about a specific models but if I start asking the same question on all the possible models the community is going to hate me very soon  

I am looking for a CISCO Router that can handle over 30,000 simultaneous IPSec tunnels ... maybe someone from CISCO might be able to provide such a chart ? or if any of you ladies and gents have access to your jobs aggregators, maybe you can provide some details and the max tunnel count from the "show crypto eli" command ? Thanks in advance to all !!!  


VIP Guru VIP Guru
VIP Guru

Interesting question - that is very huge numbers, it required definitely design - i do not believe 1 device can support that many tunnels. if anyone deployed 1 device that is one of the mistakes of ERA.


Sure it required kind of plan and ASR 9K or SP based routers need.  Only my suggestion is , is this really a requirement, or just for knowledge base.


if required please do contact Cisco or Partner.


I did working ASR / ISR - the maximum tunnels seen, but 30K  is a good number. quite a lot of investment.




***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thank you Balaji  I figured 30k+ tunnels is going to be a jaw dropping number but there must be some solution. There must be situations somewhere in the world calling for such numbers ... maybe they are segregated to different end points ? 

However, the question about having a chart of how many IPSec tunnels can be handled by a single unit still stands - it would be a good selection mechanism, I've stumbled upon posts where people realize the maximum tunnel amount when they have the appliance in hand already, it would be great to have this information in advance so one could plan for expansion before hand  

Will wait and see maybe someone else was able to get their hands on this information. 

MHM Cisco World

just want to mention that there is different between Site-to-Site and RA IPSec.
for this hug number I think that many VPN GW config in one Server farm solve this issue. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: