Cisco VPN concetrators and # concurrent connections assistance

cisco24x7 · ‎05-01-2009

Need help from gurus with expertise in Cisco VPN concentrators.

I have 4 Cisco VPN concentrators 3030 running the latest code in load-balancing mode.

These VPNCs sit behind a pair of Checkpoint NGx R65 gateways capable of pushing 10Gbps

throughput. Our internet connection is a 200Mbps pipe. I verified that I can push

200Mpbs over the Internet without any issues. We use the VPNCs for remote access VPN

using Cisco VPN client version 5.0.03.0530.

According to the documentation from Cisco, the VPNc 3030 can handle up to 1500 concurrent

session. However, what I have found is that once the VPNc gets to about 150 sessions, it

stops accepting new connections. In other words, I am maxed out at 600 total concurrent

sessions on 4 Concentrators. I need to support about 3000 users but can not go beyond

600 concurrent sessions.

Anyone able to get the VPNc 3030 accepting more than 150 concurrent sessions? If so, how?

Thanks.

Todd Pula · ‎05-01-2009

What happens when the 151st user tries to connect? Are there any errors logged? Check to see what value you have configured under the following:

Configuration | System | General | Sessions

cisco24x7 · ‎05-02-2009

I am not seeing any un-usual stuffs in the log of the VPNc but I know that the whole

infrastructure of the VPNc could not scale pass 600 concurrent connections. I can not re-produce this in the lab because there are no tools out there to simulate that many VPN connections.

How does Cisco simulate more than 600 remote access IPsec connections? Thanks.

mjhanji · ‎05-03-2009

How many SEP modules do you have in the VPN 3030? This model support 1500 Simultaneous IPsec Users with max device memory and SEP-E modules.

Please refer to link for more details - http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5743/ps5749/ps2284/product_data_sheet09186a00801d3b56.html

There are traffic generator tools like IXIA/Spirent which are generally used to simulate connections.