Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1223
Views
0
Helpful
3
Replies

Maximum IPSec Tunnels - CISCO Products

Oleksandr Y.
Level 1
Level 1

‎10-06-2020 01:26 PM

Hello community, have been browsing around the forum for a little while and scavenging the internet - I am unable to find a one stop shop resource for the maximum IPSec tunnel count on CISCO Routers. I see some answers here and there about a specific models but if I start asking the same question on all the possible models the community is going to hate me very soon  

I am looking for a CISCO Router that can handle over 30,000 simultaneous IPSec tunnels ... maybe someone from CISCO might be able to provide such a chart ? or if any of you ladies and gents have access to your jobs aggregators, maybe you can provide some details and the max tunnel count from the "show crypto eli" command ? Thanks in advance to all !!!  

Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎10-06-2020 02:24 PM

Interesting question - that is very huge numbers, it required definitely design - i do not believe 1 device can support that many tunnels. if anyone deployed 1 device that is one of the mistakes of ERA.

 

Sure it required kind of plan and ASR 9K or SP based routers need.  Only my suggestion is , is this really a requirement, or just for knowledge base.

 

if required please do contact Cisco or Partner.

 

I did working ASR / ISR - the maximum tunnels seen, but 30K  is a good number. quite a lot of investment.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Oleksandr Y.
Level 1
Level 1
In response to balaji.bandi

‎10-07-2020 05:54 AM

Thank you Balaji  I figured 30k+ tunnels is going to be a jaw dropping number but there must be some solution. There must be situations somewhere in the world calling for such numbers ... maybe they are segregated to different end points ? 

However, the question about having a chart of how many IPSec tunnels can be handled by a single unit still stands - it would be a good selection mechanism, I've stumbled upon posts where people realize the maximum tunnel amount when they have the appliance in hand already, it would be great to have this information in advance so one could plan for expansion before hand  

Will wait and see maybe someone else was able to get their hands on this information. 

0 Helpful

MHM Cisco World
VIP
VIP

‎10-12-2020 12:39 PM

just want to mention that there is different between Site-to-Site and RA IPSec.
for this hug number I think that many VPN GW config in one Server farm solve this issue. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card