We terminated about 25 site-to-site VPN tunnels on the Cisco ASA 5540 (2 GB RAM). It appears that the memory utilization is getting higher when adding the tunnel. We are planing to remove those 25 VPN tunnels out 5540, and soon we will add additional 40 VPN tunnels on it. So it will be totall around 65 tunnels, and maybe add couple tunnels per year for the future grow, but about 25 VPN tunnels are using at all the time, the others are just backup purpose, standby only. We are looking for the new network device (router or ASA) to accomadate the needs. Can anyone recommend which network device is better to handle VPN tunnel for this infrastructure? Please provide more details as possible. Your help is greatly appreciated.
I have a 5540 with more that 30 l2l tunnels and 200+ rvpn and the device has no issues. I suggest you check the encryption level you are using.
Sent from Cisco Technical Support iPad App
I have a customer who is running over 400 site to site VPN tunnels using an ASR1002 and it is working very well for them. They feel that the router platform scales well for this and that the ability to run dynamic routing protocols over the tunnel is a considerable advantage.
Sent from Cisco Technical Support iPhone App
As indicated by Andrew Prince
Thank you for replying.
The main reason causes the high memory utilization is we have too many ACL's configured as per host instead of subnets for setting up each VPN due to the security issue. Bandwidth is not the issue at this time. We don't have many IPSec sa, it is about 25. Not sure how many ACL's the router ASR 1002 can handle?
The ASR family can handle up to 16000 access control lists.
Here I would suggest you to fine tune your router config and customise your ACL's so that you can reduce the burden on the router which will results in good performance.
See the below link for complete information about ASR 1000 family.
Please rate the helpfull posts.